Jeff Blaine <[email protected]> writes: > I happened to notice this (note the missing realm) after a > failed GSSAPI attempt to the SSH server (mega):
> [r...@mega ~]# klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: jbla...@foo > Valid starting Expires Service principal > 01/04/10 16:14:51 01/11/10 16:14:51 krbtgt/f...@foo > renew until 01/18/10 16:14:51 > 01/04/10 16:15:08 01/11/10 16:14:51 host/mega@ > renew until 01/18/10 16:14:51 Ah, that means that the client doesn't know what the local realm is and is therefore trying to ask the server via referrals, but the server isn't answering that question. > I updated /etc/krb5.conf to include > [domain_realm] > mega = FOO > And all is well when connecting from mega to mega with OpenSSH > and GSSAPI options. > All is well, too, when connecting from sol10 SPARC stock SSH > to mega using GSSAPI options. > PuTTY-GSSAPI as the client still gives me the same error :( Did you update the Windows equivalent (krb5.ini, I think)? -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
