[OpenAFS] forwarding credentials with OpenSSH, Kerberos and pam-afs-session

Ken Aaker kaaker@brocade.com
Thu, 06 Sep 2007 12:38:48 -0500


Jim Rees wrote:
> Ken Aaker wrote:
>
>
> If it still won't work, try "ssh -v" to see whether it's attempting GSS
> authentication.  When it works you'll see something like this:
>
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
> debug1: Next authentication method: gssapi-with-mic
> debug1: Delegating credentials
> debug1: Delegating credentials
> debug1: Authentication succeeded (gssapi-with-mic).
>
>   
It's really close, it's working from "ralph" to "mars", but not from
"mars" to "ralph".

I get 3 "debug2: we sent a gssapi-with-mic packet, wait for reply"
messages, then it fails over to password. The keytab files are identical
on the machines, and GSSAPIAuthentication is turned on in sshd_config on
both. Still something to do with the keytab on "ralph"?



Ken