[OpenAFS] ssh+afs logins fail on IRIX 6.5.15
David R. Steiner
david.r.steiner@Dartmouth.EDU
Wed, 29 May 2002 16:44:01 -0400
At 9:11 -0400 5/29/02, Dave McMurtrie wrote:
>On Tue, 28 May 2002, David R. Steiner wrote:
>
>> Running tcpdump shows that the authentication is generating traffic
>> on port 750. It is my understanding that since we are using kaserver
>> this should not be happening. I have been told that kaserver uses a
>> different port but do not know which one.
>
>Stuff that uses the kaserver api calls will talk to udp 7004. Stuff that
>uses the kerberos v4 api will talk udp 750.
>
>> KerberosAuthentication yes
>
>I don't know why you're getting the "principal unknown" error, but you're
>probably talking to udp 750 because of this line in your sshd config. If
>you're not configured to do kerberos authentication, you should probably
>change this line.
We are set up to use kerberos for authentication so the config line
has to remain the same.
It was pointed out to me in another post that I needed a correct
/etc/krb.conf file (like I said I am new to afs/kerberos). Putting
that file in place now allows me to authenticate but I am not getting
a token (see my other post).
What I am trying to figure out is:
If kaserver uses udp 7004, how is it that when I successfully login,
sshd in debug mode reports that it is using the default port udp 750?
--
David R. Steiner david.r.steiner@dartmouth.edu
UNIX System Manager Phone: 603.646.3127
Dartmouth College Fax: 603.646.1041