Hi,
I have setup a MIT kerberos environment. But I meet a problem with numeric host
address support.
1. The kdc runs on linux server, debian testing latest, openssh 6.0p1, mit
kerberos 1.10.1.
2. A DNS A RR points to linux server, as "kdc = xxx"
3. Windows client: Win7 64bit, putty 0.62, kfw-3-2-2
4. MacOS X client: OSX 10.6.x
5. Linux client: debian testing latest
6. In krb5.conf or krb5.ini, "rdns = false" and in ssh_config, "GSSAPITrustDNS
= no"
7. The server has a host/ip@REALM principal in kdc and /etc/krb5.keytab
From Windows and OSX clients, we can login to linux server with "ssh root@ip"
by principal, but
from linux, kerberos always fails and then fallback to password
"debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address"
At first, I think it is openssh's problem. But I trace it into
ssh_gssapi_init_ctx() then gss_init_sec_context()
from libgssapi_krb5.so. It's beyond my affordable time to play with this beast.
Can anyone has a solution?
T.I.A
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
