On 2006-06-15 00:18:15 +0200, [EMAIL PROTECTED] (Michael B Allen) said: > What do you have to do to get sshd to do Kerberos on Mac OSX?
Nothing except enabling kerberos login (ssh worked out of the box to me). Just google for that it's pretty easy (OSX has kerberos built in). > I created an /etc/krb5.keytab and tried adding GSSAPIAuthentication yes to > /etc/sshd_config but from looking at captures it doesn't even try anything > remotely Kerberos related. I always get prompted for a password. I can ssh > to a linux machine in the same enviroment and it works perfectly. Using > otool -L I can see sshd is linked with the Kerberos Framework. > > The log messages are: > > Jun 14 17:47:15 mini xinetd[1290]: service ssh, IPV6_ADDRFORM > setsockopt() failed: Protocol not available (errno = 42) > Jun 14 17:47:15 mini xinetd[1290]: START: ssh pid=1325 from=192.168.2.16 > Jun 14 17:47:15 mini sshd[1325]: Generating 768 bit RSA key. > Jun 14 17:47:15 mini sshd[1325]: RSA key generation complete. > Jun 14 17:47:15 mini sshd[1325]: Connection from 192.168.2.16 port 34541 > Jun 14 17:47:15 mini sshd[1325]: reverse mapping checking getaddrinfo > for quark.foo.net failed - POSSIBLE BREAKIN ATTEMPT! > Jun 14 17:47:15 mini sshd[1325]: Failed none for miallen from > 192.168.2.16 port 34541 ssh2 > > That "reverse mapping" error is bogus. I have a perfectly good reverse > zone. From looking at captures it appear to do an IPv6 lookup and then > gives up. If it had tried a standard lookup it would have found the name. What version of OSX? How did you enable kerberos? Can you kinit on the mac? -- Sensei <[EMAIL PROTECTED]> The optimist thinks this is the best of all possible worlds. The pessimist fears it is true. [J. Robert Oppenheimer] ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
