Hi, I've spent the last few days playing with GSSAPI auth on an AIX 5.3 server (4.1P1) with no success, I've already got this running perfectly using on a linux testbed system using our AD as KDC using Windows 2000 with Putty (0.56b2 GSSAPI) as a client terminal. The AIX system is correctly allowing users to authorise against KRB5A but the GSSAPI single sign on from a client never seems to work.
The debug log from SSHD fails during gssapi-with-mic as follows: debug1: userauth-request for user ianclark service ssh-connection method gssapi-with-mic debug1: attempt 1 failures 1 debug2: input_userauth_request: try method gssapi-with-mic debug3: mm_request_send entering: type 37 debug3: mm_request_receive_expect entering: type 38 debug3: monitor_read: checking request 37 debug3: mm_request_receive entering debug1: Miscellaneous failure No principal in keytab matches desired name debug3: mm_request_send entering: type 38 debug3: mm_request_receive entering We have created a host principle and installed it in the krb5 keytab as per normal, SSHD doesn't need a service principle ?, but what principle is SSHD looking for and what name ? Gssapi-with-mic is clearly being attempted, with this error, putty returns an unable to initialise gssapi context, yet connects to the Linux system immediately. I'm a little confused, because our linux test worked within minutes of configuration. Ian
