Hi,

I think I am a little short on the problem. Thanks for your useful debugging info. I am trying to connect to the host "kannan", but in the Kerberos log it tries to connect to "dineshbabu". I pinged the host address "dineshbabu" and it was not resolved. I also added the host entry for "kannan" to /etc/hosts. Here is the Kerberos trace log:

Getting credentials [email protected] -> host/ [email protected] using ccache FILE:/tmp/krb5cc_845_F19364
Retrieving [email protected] -> host/ [email protected] from FILE:/tmp/krb5cc_845_F19364 with result: -1765328243/Matching credential not found
Retrieving [email protected] -> krbtgt/ [email protected] from FILE:/tmp/krb5cc_845_F19364 with result: 0/success
Found cached TGT for service realm: [email protected] -> krbtgt/ [email protected]
Requesting tickets for host/ [email protected], referrals on
Generated subkey for TGS request: aes256-cts/E32A
etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac
Sending request (784 bytes) to ZMEDIA.ULTRASOUND.COM
Sending initial UDP request to dgram 192.168.15.201:88
Received answer from dgram 192.168.15.201:88
Response was not from master KDC
TGS reply is for [email protected] -> krbtgt/ [email protected] with session key aes256-cts/8082
TGS request result: 0/success
Removing [email protected] -> krbtgt/ [email protected] from FILE:/tmp/krb5cc_845_F19364
Storing [email protected] -> krbtgt/ [email protected] in FILE:/tmp/krb5cc_845_F19364
Following referral TGT krbtgt/[email protected]
Requesting tickets for host/ [email protected], referrals on
Generated subkey for TGS request: aes256-cts/91E3
etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac
Sending request (804 bytes) to ZMEDIA.ULTRASOUND.COM
Sending initial UDP request to dgram 192.168.15.201:88
Received answer from dgram 192.168.15.201:88
Response was not from master KDC
TGS reply is for [email protected] -> krbtgt/ [email protected] with session key aes256-cts/C121
TGS request result: 0/success

Regards,
Bharathi kannan R

On Tue, May 28, 2013 at 6:11 AM, Greg Hudson <[email protected]> wrote:
> I don't know what's wrong, but I have some ideas for gathering more
> information. From what you've posted, it appears that:
>
> 1. kinit can send an AS request to the realm's KDC (because kinit works)
> 2. kinit can receive an AS reply from the realm's KDC (because kinit works)
> 3. ssh can send a TGS request to the realm's KDC (because the request
> appears in the log)
> 4. ssh cannot receive a TGS reply from the realm's KDC (because of the
> error message in the ssh -v output).
>
> Some things which might help determine what's wrong:
>
> * Set the KRB5_TRACE environment variable to a filename before running
> kinit and then ssh. Comparing the resulting trace output may determine
> if ssh is somehow behaving differently from kinit.
>
> * Run "kvno host/remote-hostname" to see if you can successfully make
> TGS requests from a program other than ssh.
>
> On 05/27/2013 04:02 PM, kannan rbk wrote:
> > Dear team,
> > I am using Kerberos 5. I configured single sign-on in ssh. I had a ticket
> > but I cannot log in without a password.
> > I changed "GSSAPIAuthentication yes" in sshd_config and
> > "GSSAPIAuthentication yes,GSSDelegateCredentials yes" in ssh_config.
> > Error Trace From "ssh -v"
> > Cannot connect any kdc server
> >
> > It's repeated 3 times. In the Kerberos server log, it requests TGS request 4
> > times. I am trying to ssh to a CentOS machine from Ubuntu. Kinit is working
> > fine. I am able to log in without a password from CentOS to Ubuntu.
> >
> > Please help me.
> >
> > Regards,
> > Bharathi Kannan R
> >
> >
>

--
Regards,
Bharathikannan R
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
