[OpenAFS] ssh+afs logins fail on IRIX 6.5.15

David R. Steiner david.r.steiner@Dartmouth.EDU
Wed, 29 May 2002 16:44:01 -0400


At 9:11 -0400 5/29/02, Dave McMurtrie wrote:
>On Tue, 28 May 2002, David R. Steiner wrote:
>
>>  Running tcpdump shows that the authentication is generating traffic
>>  on port 750. It is my understanding that since we are using kaserver
>>  this should not be happening. I have been told that kaserver uses a
>>  different port but do not know which one.
>
>Stuff that uses the kaserver api calls will talk to udp 7004.  Stuff that
>uses the kerberos v4 api will talk udp 750.
>
>>      KerberosAuthentication yes
>
>I don't know why you're getting the "principal unknown" error, but you're
>probably talking to udp 750 because of this line in your sshd config.  If
>you're not configured to do kerberos authentication, you should probably
>change this line.

We are set up to use kerberos for authentication so the config line 
has to remain the same.

It was pointed out to me in another post that I needed a correct 
/etc/krb.conf file (like I said I am new to afs/kerberos). Putting 
that file in place now allows me to authenticate but I am not getting 
a token (see my other post).

What I am trying to figure out is:

If kaserver uses udp 7004, how is it that when I successfully login, 
sshd in debug mode reports that it is using the default port udp 750?

-- 
David R. Steiner                               david.r.steiner@dartmouth.edu
UNIX System Manager                            Phone:  603.646.3127
Dartmouth College                              Fax:     603.646.1041