On Wed, 02 Feb 2005 15:05:12 -0800, nat wrote: > I'm installing kerberos on a debian distrib (current sarge), the > installation looks good, ticket are correctly created when a user ask for > a connection : > > Ticket cache: FILE:/tmp/[...] > Default principal: [EMAIL PROTECTED] > > Valid starting Expires Service principal 02/02/05 22:12:46 > 02/03/05 08:12:45 krbtgt/[EMAIL PROTECTED] > > Kerberos 4 ticket cache: /tmp/[...] > klist: You have no tickets cached > > > But after if he does a ssh on the machine, the kerberos password is > aked... > > I don't know what I sould do to correct this problem. Can so help me ? I'm > a totaly lost in krb5.
I was having a similar problem today. Debian Sarge at both ends of the SSH connection and a Windows 2003 KDC (SBS). I'd got PAM configured properly and could log on to Debian and get tickets, but SSH always fell back to keyboard-interactive. Entering the password again got me in successfully though. When using debug level 3 it seemed the SSH client tried GSSAPI first but didn't seem to get a response. I had set up the /etc/krn5.keytab file properly too according to the O'Reilly Kerberos book by Jason Garman. I then installed the kerberised telnet packages from Debian just to see whether I could get them going instead. Telnet complained about not being able to canonicalise the addresses or something which gave me a clue. I had just been (during the initial testing) using the hosts files on the two Linux machines for name resolution. The KDC couldn't resolve the hostnames though. Once I had stuck some records for the Debain machines in the DNS it all worked. -- Cheers Anton ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
