[OpenAFS] ssh and GSSAPI doesn't work
Douglas E. Engert
deengert@anl.gov
Thu, 25 Jan 2007 17:30:12 -0600
Massimiliano Masi wrote:
> Hi all,
>
> I would like to use GSSAPIAuthentication with ssh-krb5 package
> on debian.
You need too delegate as well. So the client
needs GSSAPIDelegateCredentials yes
>
> The ssh server does the work, but, my problem is that I cannot get
> neither the kerberos tgt neither the afs token when I login:
>
> max@fourier ~ $ klist
> Ticket cache: FILE:/tmp/krb5cc_1112_19O8Ft
> Default principal: max@MASCANC.NET
>
> Valid starting Expires Service principal
> 01/18/07 22:25:51 01/19/07 08:25:51 krbtgt/MASCANC.NET@MASCANC.NET
> renew until 01/19/07 22:28:09
> 01/18/07 22:25:54 01/19/07 08:25:51 afs@MASCANC.NET
> renew until 01/19/07 22:28:09
>
>
> Kerberos 4 ticket cache: /tmp/tkt1112
> klist: You have no tickets cached
> max@fourier ~ $ ssh verhulst
> Last login: Thu Jan 18 22:24:25 2007 from fourier.mascanc.net
> -bash: /afs/mascanc.net/users/m/max//.bash_profile: Permission denied
> max@verhulst:~$ klist
> klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1112)
>
>
> Kerberos 4 ticket cache: /tmp/tkt1112
> klist: You have no tickets cached
> max@verhulst:~$ logout
> Connection to verhulst closed.
> max@fourier ~ $ klist
> Ticket cache: FILE:/tmp/krb5cc_1112_19O8Ft
> Default principal: max@MASCANC.NET
>
> Valid starting Expires Service principal
> 01/18/07 22:25:51 01/19/07 08:25:51 krbtgt/MASCANC.NET@MASCANC.NET
> renew until 01/19/07 22:28:09
> 01/18/07 22:25:54 01/19/07 08:25:51 afs@MASCANC.NET
> renew until 01/19/07 22:28:09
> 01/18/07 22:25:59 01/19/07 08:25:51 host/verhulst.mascanc.net@MASCANC.NET
> renew until 01/19/07 22:28:09
>
>
> Kerberos 4 ticket cache: /tmp/tkt1112
> klist: You have no tickets cached
>
>
>
> How can I solve this problem?
>
> Thank you!
>
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444