On Thu, September 6, 2007 12:38 pm, Ken Aaker wrote: > Jim Rees wrote: >> Ken Aaker wrote: >> >> >> If it still won't work, try "ssh -v" to see whether it's attempting GSS >> authentication. When it works you'll see something like this: >> >> debug1: Authentications that can continue: >> publickey,gssapi-with-mic,password,keyboard-interactive >> debug1: Next authentication method: gssapi-with-mic >> debug1: Delegating credentials >> debug1: Delegating credentials >> debug1: Authentication succeeded (gssapi-with-mic). >> >> > It's really close, it's working from "ralph" to "mars", but not from > "mars" to "ralph". > > I get 3 "debug2: we sent a gssapi-with-mic packet, wait for reply" > messages, then it fails over to password. The keytab files are identical > on the machines, and GSSAPIAuthentication is turned on in sshd_config on > both. Still something to do with the keytab on "ralph"?
Ralph should have the principal host/ralph.example.com in its keytab, and mars should have host/mars.example.com. You don't want to use the same host principal across multiple hosts. --david > > > > Ken > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info > _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
