>> Server: CentOS 5.3, MIT Kerberos 1.6.x, Russ Alberry's pam_krb5 > >> Failure: Aside from GSSAPI not being used... > >> sshd[12234]: pam_krb5RA(sshd:auth): pam_sm_authenticate: entry (0x1) >> sshd[12234]: pam_krb5RA(sshd:auth): (user jblaine) attempting >> authentication as jblaine at FOO >> sshd[12234]: pam_krb5RA(sshd:auth): (user jblaine) credential >> verification failed: Wrong principal in request > > Usually this means the principal in the system keytab for your system > doesn't agree with the hostname or DNS name of the system. >
Thanks Russ. * Is there any way to see what principal is expected to be in the keytab? I've already added host/mega and host/192.168.1.6 to the keytab... * This is all in a private non-routed testbed network with no DNS resolution configured. Am I fighting an unwinnable battle with a testbed like this? I don't want to depend on DNS at all, and /etc/nsswitch.conf's are configured as such. Jeff [ finally subscribed in non-digest mode so he can reply properly ] ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
