kerberos is setup to authenticate ssh sessions on my local network. it works fine to and from all the machines on the network except for the KDC itself. kerberos auth fails when sshing to or from the KDC. the logs of these failures from /var/heimdal/kdc.log, /var/log/authlog and ssh -vvv outputs are insufficient for me to figure out what's not working right.
the KDC is the only machine on the network that is running current (snap upgraded last night), the rest are on 3.9 release. here are the debugging outputs: /var/heimdal/kdc.log: 2006-07-09T17:46:00 TGS-REQ [EMAIL PROTECTED] from IPv4:10.9.0.253 for host/[EMAIL PROTECTED] 2006-07-09T17:46:00 TGS-REQ [EMAIL PROTECTED] from IPv4:10.9.0.253 for krbtgt/[EMAIL PROTECTED] [forwarded, forwardable] /var/log/authlog: Jul 9 17:52:06 kdchost sshd[20678]: GSSAPI MIC check failed ssh -vvv [EMAIL PROTECTED]: debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Delegating credentials debug1: Delegating credentials debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive the ssh -vvv outputs are not that enlightening, syslogging auth.debug doesn't show anything extra and it's not clear how to, if possible, turn up the kerberos log level. any advice would be appreciated. i suspect that this is some issue related to the KDC runnning current and the other machines being on 3.9 release. cheers, jake
