Re: Single sign-on with ssh (only unix)

Nathan Ollerenshaw Thu, 02 Jun 2005 20:28:30 -0700

Hi again folks!

I eventually got it working partially, but I have a question.


serenity:~ chrome$ klist -f
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: [EMAIL PROTECTED]

Valid Starting     Expires            Service Principal

06/03/05 11:56:31 06/03/05 21:56:29 krbtgt/[EMAIL PROTECTED]

        renew until 06/03/05 11:56:31, FPRI

06/03/05 11:56:37 06/03/05 21:56:29 host/[EMAIL PROTECTED]

        renew until 06/03/05 11:56:31, FPRT

06/03/05 11:56:43 06/03/05 21:56:29 host/[EMAIL PROTECTED]

        renew until 06/03/05 11:56:31, FPRT

klist: No Kerberos 4 tickets in credentials cache
serenity:~ chrome$ ssh monster.sys.intra
Last login: Fri Jun  3 12:22:46 2005 from nuts.sys.intra
[EMAIL PROTECTED] ~]$ ssh nuts.sys.intra
Last login: Fri Jun  3 12:22:40 2005 from monster.sys.intra
[EMAIL PROTECTED] ~]$ ssh monster.sys.intra
Last login: Fri Jun  3 12:23:21 2005 from 10.0.13.24
[EMAIL PROTECTED] ~]$ ssh nuts.sys.intra
Permission denied (gssapi-with-mic).
[EMAIL PROTECTED] ~]$

That should work, right? I should be able to go workstation ->monster -> nuts -> monster -> nuts -> monster -> etc


right?

serenity:~ chrome$ kinit -f
Please enter the password for [EMAIL PROTECTED]:
serenity:~ chrome$ klist -f
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: [EMAIL PROTECTED]

Valid Starting     Expires            Service Principal

06/03/05 12:24:57 06/03/05 22:24:54 krbtgt/[EMAIL PROTECTED]

        renew until 06/03/05 12:24:57, FPRI

klist: No Kerberos 4 tickets in credentials cache
serenity:~ chrome$ ssh monster.sys.intra
Last login: Fri Jun  3 12:24:39 2005 from 10.0.13.24
[EMAIL PROTECTED] ~]$ klist -f
Ticket cache: FILE:/tmp/krb5cc_500_wG5550
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal

06/03/05 12:25:17 06/03/05 22:24:54 krbtgt/[EMAIL PROTECTED]

        renew until 06/03/05 12:24:57, Flags: FfPRT


Kerberos 4 ticket cache: /tmp/tkt500
klist: You have no tickets cached
[EMAIL PROTECTED] ~]$ ssh nuts.sys.intra
Last login: Fri Jun  3 12:23:24 2005 from monster.sys.intra
[EMAIL PROTECTED] ~]$ klist -f
Ticket cache: FILE:/tmp/krb5cc_5002
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal

06/03/05 11:39:57 06/04/05 11:39:57 krbtgt/[EMAIL PROTECTED]

        renew until 06/03/05 11:39:57, Flags: FRI

06/03/05 11:40:03 06/04/05 11:39:57 host/[EMAIL PROTECTED]

        renew until 06/03/05 11:39:57, Flags: FRT


Kerberos 4 ticket cache: /tmp/tkt5002
klist: You have no tickets cached
[EMAIL PROTECTED] ~]$ ssh monster.sys.intra
Last login: Fri Jun  3 12:25:17 2005 from 10.0.13.24
[EMAIL PROTECTED] ~]$ klist -f
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_500)


Kerberos 4 ticket cache: /tmp/tkt500
klist: You have no tickets cached
[EMAIL PROTECTED] ~]$

It seems that after a few hops, i lose the ticket forwarding?

Regards,

Nathan.

--
Nathan Ollerenshaw / Systems Engineer
Systems Engineering
ValueCommerce Co., Ltd.

Tokyo Bldg 4F 3-32-7 Hongo Bunkyo-ku Tokyo 113-0033 Japan
Tel. +81.3.3817.8995   Fax. +81.3.3812.4051
mailto:[EMAIL PROTECTED]

 "The man who carries a cat by the tail learns something
 that can be learned in no other way." - Mark Twain


________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Single sign-on with ssh (only unix)

Reply via email to