On Tue, Aug 07, 2018 at 04:51:00PM -, Ryan Slominski via FreeIPA-users
wrote:
> Hi Robbie,
>What is the proper way to configure an IPA host so that the sshd will use
> the FQDN? I've noticed that IPA client installer modifies the file
> /etc/krb5.conf and adds the lines:
Does the 'hos
Hi Robbie,
What is the proper way to configure an IPA host so that the sshd will use
the FQDN? I've noticed that IPA client installer modifies the file
/etc/krb5.conf and adds the lines:
dns_canonicalize_hostname = false
rdns = false
If I comment out those lines then SSO works. Alternativ
Ryan Slominski via FreeIPA-users
writes:
> [root@testclient2 ~]# /usr/sbin/sshd -ddd -p 2
...
> debug1: Unspecified GSS failure. Minor code may provide more information
> No key table entry found matching host/testclient2@
Your KDC thinks this machine is called testclient2.example.com, wh
Hi Sumit,
Here is the sshd server side output with logging set to DEBUG3 after
re-running client and server over custom port 2:
[root@testclient2 ~]# /usr/sbin/sshd -ddd -p 2
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 920
de
Hi Robbie,
After setting KRB5_TRACE to a file in /tmp and running ssh command I get the
following output:
[1714] 1533649123.284380: ccselect module realm chose cache
KEYRING:persistent:1234:krb_ccache_6taXFjL with client principal
testu...@example.com for server principal
host/testclient2.exa
On Mon, Aug 06, 2018 at 05:30:22PM -0400, Robbie Harwood via FreeIPA-users
wrote:
> Ryan Slominski via FreeIPA-users
> writes:
>
> > [testuser@testclient1 ssh]$ ssh -vvv testclient2.example.com
>
> [snip]
>
> > debug1: Authentications that can continue:
> > publickey,gssapi-keyex,gssapi-with-
Ryan Slominski via FreeIPA-users
writes:
> [testuser@testclient1 ssh]$ ssh -vvv testclient2.example.com
[snip]
> debug1: Authentications that can continue:
> publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
> debug3: start over, passed a different list
> publickey,gssapi-k