The problem was actually in the sshd_config, it had the ‘useDNS’ line commented out. Switching it to yes fixed the problem.

MAT

On 3/12/09 3:12 PM, "Douglas E. Engert" <[email protected]> wrote:

> I bet you have an .ssh/config or in the ssh_config
> with a Host section with HostName 10.52.152.77
> If so ssh might be mapping the name you gave
> into a string with the numbers. And this is being passed
> to Kerberos.
>
> Douglas E. Engert wrote:
>>
>> Mathew Rowley wrote:
>>> When trying to ssh with a kerberos ticket (with GSSAPI enabled and working)
>>> to a RH4 box, I get the following error from ssh:
>>>
>>> ...
>>> debug1: Authentications that can continue:
>>> publickey,gssapi-with-mic,password,keyboard-interactive
>>> debug1: Next authentication method: gssapi-with-mic
>>> debug1: Unspecified GSS failure. Minor code may provide more information
>>> Server not found in Kerberos database
>>>
>>> debug1: Unspecified GSS failure. Minor code may provide more information
>>> Server not found in Kerberos database
>>> ...
>>>
>>> When looking at the krb5kdc.log I see:
>>>
>>> Mar 11 22:59:09 kdc01.security.lab.comcast.net krb5kdc[17694](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.252.152.78: UNKNOWN_SERVER: authtime 1236809289, [email protected] for host/[email protected], Server not found in Kerberos database
>>> krb5kdc: Interrupted system call - while selecting for network input(1)
>>>
>>> It seems like the box I am trying to ssh to is sending ‘host/10.242.142.77’
>>> instead of what I expected ‘host/rsa01.security.lab.comcast.net’. Does
>>> anyone have any idea why this would be happening? I have exact same
>>> configurations on RH5 boxes that will work properly and send host/FQDN...
>>
>> On the client, what is the ssh command you type in?
>> What is in the /etc/hosts file?
>> What is in the krb5.conf file?
>> Is nsswitch.conf mapping any hosts?
>> What does nslookup rsa01.security.lab.comcast.net show?
>>
>> Is this a private network?
>> Are your DNS servers doing something special and actually returning
>> the name as 10.242.142.77?
>>
>> A Wireshark trace might show what DNS is doing here.
>>
>>> Thanks.
>
> --
>
> Douglas E. Engert <[email protected]>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444

--
MAT
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
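
An added example, not part of the thread: a small Python scan of krb5kdc.log lines for the symptom discussed above, a TGS_REQ that fails with UNKNOWN_SERVER because the requested service principal carries an IP literal where a hostname was expected. The log lines, hostnames, realm and function names are constructed for illustration and only follow the shape of the line quoted in the thread.

```python
import ipaddress
import re

# Field layout follows the UNKNOWN_SERVER line quoted in the thread.
TGS_FAIL = re.compile(
    r"TGS_REQ \(.*?\) (?P<src>\S+): UNKNOWN_SERVER: authtime \d+, "
    r"(?P<client>\S+) for (?P<service>[^/\s]+)/(?P<host>[^@\s]+)"
    r"@(?P<realm>[^,\s]+),"
)


def is_ip_literal(host):
    """True when the host part of a principal is an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_ip_principals(lines):
    """Return the parsed fields of every UNKNOWN_SERVER request whose
    service principal names an IP address instead of a hostname."""
    hits = []
    for line in lines:
        m = TGS_FAIL.search(line)
        if m and is_ip_literal(m.group("host")):
            hits.append(m.groupdict())
    return hits


# Constructed sample input (documentation addresses and example.com names).
PFX = "Mar 11 22:59:09 kdc01.example.com krb5kdc[17694](info): "
ETY = "TGS_REQ (7 etypes {18 17 16 23 1 3 2}) "
SAMPLE_LOG = [
    # Symptom from the thread: principal built from an address.
    PFX + ETY + "192.0.2.78: UNKNOWN_SERVER: authtime 1236809289, "
    "alice@EXAMPLE.COM for host/192.0.2.77@EXAMPLE.COM, "
    "Server not found in Kerberos database",
    # Unknown server, but a real hostname: a different problem, not flagged.
    PFX + ETY + "192.0.2.78: UNKNOWN_SERVER: authtime 1236809290, "
    "alice@EXAMPLE.COM for host/rsa99.example.com@EXAMPLE.COM, "
    "Server not found in Kerberos database",
    # Successful request for host/FQDN: not flagged.
    PFX + ETY + "192.0.2.78: ISSUE: authtime 1236809291, "
    "etypes {rep=18 tkt=18 ses=18}, "
    "alice@EXAMPLE.COM for host/rsa01.example.com@EXAMPLE.COM",
    # Same symptom with an IPv6 literal.
    PFX + ETY + "192.0.2.80: UNKNOWN_SERVER: authtime 1236809292, "
    "bob@EXAMPLE.COM for host/2001:db8::77@EXAMPLE.COM, "
    "Server not found in Kerberos database",
]

if __name__ == "__main__":
    for hit in find_ip_principals(SAMPLE_LOG):
        print("{client} from {src} asked for {service}/{host}".format(**hit))
```

Each hit points at a machine where the name-to-principal step is producing an address, so that host's ssh and resolver configuration (the settings discussed in the thread) is the place to look.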
