kerberos authentication

Thu, 27 Nov 2008 09:26:18 -0800 

Hi,

im just starting with kerberos, so im probably missing something obvious
here.

server:
PasswordAuthentication no
KerberosAuthentication yes
KerberosOrLocalPasswd no
KerberosTicketCleanup yes


client: (night:crawler 192.168.10.102)
~/.ssh/config
GSSAPIAuthentication yes

client:
[EMAIL PROTECTED] ~]$ kinit kerberos-test
[EMAIL PROTECTED]'s Password: 
[EMAIL PROTECTED] ~]$ klist
Credentials cache: FILE:/tmp/krb5cc_1013
        Principal: [EMAIL PROTECTED]

  Issued           Expires          Principal
Nov 27 13:14:34  Nov 27 23:14:34  krbtgt/[EMAIL PROTECTED]



ssh wf
Permission denied (publickey,gssapi-with-mic).


 klist
Credentials cache: FILE:/tmp/krb5cc_1013
        Principal: [EMAIL PROTECTED]

  Issued           Expires          Principal
Nov 27 13:14:34  Nov 27 23:14:34  krbtgt/[EMAIL PROTECTED]
Nov 27 13:15:03  Nov 27 23:14:34  host/[EMAIL PROTECTED]



server:
kdc.log
2008-11-27T13:14:34 sending 493 bytes to IPv4:192.168.10.102
2008-11-27T13:14:34 AS-REQ [EMAIL PROTECTED] from
IPv4:192.168.10.102 for krbtgt/[EMAIL PROTECTED]
2008-11-27T13:14:34 Client sent patypes: encrypted-timestamp
2008-11-27T13:14:34 Looking for PKINIT pa-data --
[EMAIL PROTECTED]
2008-11-27T13:14:34 Looking for ENC-TS pa-data --
[EMAIL PROTECTED]
2008-11-27T13:14:34 ENC-TS Pre-authentication succeeded --
[EMAIL PROTECTED] using aes256-cts-hmac-sha1-96
2008-11-27T13:14:34 Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, des3-cbc-sha1, des3-cbc-md5, arcfour-hmac-md5,
des-cbc-md5, des-cbc-md4, des-cbc-crc
2008-11-27T13:14:34 Using
aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2008-11-27T13:14:34 AS-REQ authtime: 2008-11-27T13:14:34 starttime:
unset endtime: 2008-11-27T23:14:34 renew till: unset
2008-11-27T13:14:34 sending 688 bytes to IPv4:192.168.10.102
2008-11-27T13:15:03 TGS-REQ [EMAIL PROTECTED] from
IPv4:192.168.10.102 for host/[EMAIL PROTECTED]
[canonicalize]
2008-11-27T13:15:03 TGS-REQ authtime: 2008-11-27T13:14:34 starttime:
2008-11-27T13:15:03 endtime: 2008-11-27T23:14:34 renew till: unset
2008-11-27T13:15:03 sending 683 bytes to IPv4:192.168.10.102




after the ssh connect the principal wf (ssh server) is listed, but why
is ssh not connecting?

Reply via email to