[OpenAFS] forwarding credentials with OpenSSH, Kerberos and pam-afs-session

Russ Allbery rra@stanford.edu
Thu, 06 Sep 2007 10:48:06 -0700

Ken Aaker <kaaker@brocade.com> writes:

> It's really close, it's working from "ralph" to "mars", but not from
> "mars" to "ralph".

> I get 3 "debug2: we sent a gssapi-with-mic packet, wait for reply"
> messages, then it fails over to password. The keytab files are identical
> on the machines, and GSSAPIAuthentication is turned on in sshd_config on
> both. Still something to do with the keytab on "ralph"?

Make sure you have a .k5login file in your home directory on both systems
that lists your Kerberos principal.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>