Michael B Allen <[EMAIL PROTECTED]> wrote:
> On 9/4/07, Roman S <[EMAIL PROTECTED]> wrote:
>> I've configured a Microsoft Active Directory with LDAP and Kerberos,
>> and some Linux (Redhat) clients who authenticate to it.
>> I'm able to get some tickets for the users who are in the Active
>> Directory, but SSH behaves a bit strange.
>>
>> I can always ssh to the same machine again.
>> Like
>> #foo: ssh foo
>>
>> but I can't ssh to any other computers. I always get a Permission
>> denied.
>> I've only enabled gssapi authentication, all others are disabled.
>> Debug output of ssh didn't get me any further.
>
> Hi Roman,
>
> Did you create the host principal and keytab for the target server?

I suspect yes or the initial credential forwarding would not work either.

> Also, you'll need a .k5login file in the home directory of the target:
>
> $ cat ~/.k5login
> [EMAIL PROTECTED]

You do not NEED a .k5login file. It may be useful in certain
environments, but it is not required.

> Google for info about the above and you should find a tutorial I
> would think.

You probably need to:

1) ensure that forwardable tickets are being obtained (I suspect this
   is already the case)

2) set GSSAPIDelegateCredentials yes for ssh and/or sshd

<<CDC
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
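
The two conditions named in the reply above can be checked on the client side. The following is an added example, not part of the original thread; it assumes MIT-style `klist -f` output and an OpenSSH client that supports `ssh -G`, and the sample output, realm, principal and `targethost` are constructed placeholders.

```shell
#!/bin/sh
# Added example. Both checks read tool output on stdin:
#   klist -f | tgt_is_forwardable
#   ssh -G targethost | ssh_delegates_creds     (targethost is a placeholder)

# Succeeds if the krbtgt entry in MIT `klist -f` output has the F flag.
tgt_is_forwardable() {
    awk '
        /krbtgt\//         { in_tgt = 1; next }   # ticket line of the TGT
        in_tgt && /Flags:/ {
            sub(/.*Flags:[ \t]*/, "")             # keep only the flag letters
            if (index($0, "F")) found = 1         # F = forwardable, f = forwarded
            in_tgt = 0
        }
        END { exit (found ? 0 : 1) }'
}

# Succeeds if the effective client config enables GSSAPI auth and delegation.
ssh_delegates_creds() {
    awk '
        $1 == "gssapiauthentication"      { auth = $2 }
        $1 == "gssapidelegatecredentials" { deleg = $2 }
        END { exit ((auth == "yes" && deleg == "yes") ? 0 : 1) }'
}

# Constructed sample output (realm, principal and dates are made up).
sample_klist() {   # $1 = flag letters to print for the TGT
    cat <<EOF
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
09/04/2007 10:00:00  09/04/2007 20:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 09/05/2007 10:00:00, Flags: $1
EOF
}
sample_ssh_G() {   # $1 = value of gssapidelegatecredentials
    printf '%s\n' "user alice" "gssapiauthentication yes" \
                  "gssapidelegatecredentials $1"
}

sample_klist FRIA | tgt_is_forwardable && echo "TGT forwardable: yes"
sample_klist RIA  | tgt_is_forwardable || echo "TGT forwardable: no"
sample_ssh_G no   | ssh_delegates_creds || echo "delegation: off"
```

A lowercase `f` in the flags means the ticket was itself forwarded, which is what should appear on the first hop after a successful delegated login.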
