[OpenAFS] forwarding credentials with OpenSSH, Kerberos and pam-afs-session

david l goodrich dlg@dsrw.org
Thu, 6 Sep 2007 13:05:09 -0500 (CDT)


On Thu, September 6, 2007 12:38 pm, Ken Aaker wrote:
> Jim Rees wrote:
>> Ken Aaker wrote:
>>
>>
>> If it still won't work, try "ssh -v" to see whether it's attempting GSS
>> authentication.  When it works you'll see something like this:
>>
>> debug1: Authentications that can continue:
>> publickey,gssapi-with-mic,password,keyboard-interactive
>> debug1: Next authentication method: gssapi-with-mic
>> debug1: Delegating credentials
>> debug1: Delegating credentials
>> debug1: Authentication succeeded (gssapi-with-mic).
>>
>>
> It's really close, it's working from "ralph" to "mars", but not from
> "mars" to "ralph".
>
> I get 3 "debug2: we sent a gssapi-with-mic packet, wait for reply"
> messages, then it fails over to password. The keytab files are identical
> on the machines, and GSSAPIAuthentication is turned on in sshd_config on
> both. Still something to do with the keytab on "ralph"?

Ralph should have the principal host/ralph.example.com in its keytab, and
mars should have host/mars.example.com.  You don't want to use the same
host principal across multiple hosts.
  --david


>
>
>
> Ken
>
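
Added example, not part of the original thread: a check to run on each host that reads MIT-style `klist -k` output and reports whether the keytab holds that host's own `host/` principal or one copied from another machine. The function name `check_host_principal`, the realm `EXAMPLE.COM` and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Usage on each host (MIT Kerberos klist output format assumed):
#   klist -k /etc/krb5.keytab | check_host_principal "$(hostname -f)"
#
# Exit status: 0 = keytab holds host/FQDN and no other host's principal
#              1 = host/FQDN is missing from the keytab
#              2 = host/FQDN is present, but another host's key is stored too
check_host_principal() {
    fqdn=$1
    awk -v want="host/$fqdn" '
        # Entry lines look like: "   3 host/ralph.example.com@EXAMPLE.COM"
        $1 ~ /^[0-9]+$/ && $2 ~ /^host\// {
            p = $2
            sub(/@.*$/, "", p)          # drop the realm before comparing
            if (p == want) found = 1
            else { foreign = 1; print "foreign host principal: " $2 > "/dev/stderr" }
        }
        END {
            if (!found) { print "missing principal: " want > "/dev/stderr"; exit 1 }
            exit (foreign ? 2 : 0)
        }'
}

# Constructed sample: one keytab copied to both machines, holding only the
# key for mars. This matches the symptom in the thread (logins to mars work,
# logins to ralph fall back to password).
SAMPLE_COPIED='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/mars.example.com@EXAMPLE.COM'

# Constructed sample: a shared keytab that carries both hosts' keys.
SAMPLE_BOTH='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/mars.example.com@EXAMPLE.COM
   2 host/ralph.example.com@EXAMPLE.COM'
```

Status 2 is worth acting on even though logins succeed: a keytab that carries another machine's key means a compromise of one host exposes the other host's service identity.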