[OpenAFS] forwarding credentials with OpenSSH, Kerberos and pam-afs-session

[Russ Allbery]

Ken Aaker <kaaker@brocade.com> writes:

> It's really close, it's working from "ralph" to "mars", but not from
> "mars" to "ralph".

> I get 3 "debug2: we sent a gssapi-with-mic packet, wait for reply"
> messages, then it fails over to password. The keytab files are identical
> on the machines, and GSSAPIAuthentication is turned on in sshd_config on
> both. Still something to do with the keytab on "ralph"?

Make sure you have a .k5login file in your home directory on both systems
that lists your Kerberos principal.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>