openssh single-sing-on problem
Kevin Coffman
kwc at citi.umich.edu
Fri Apr 29 08:48:13 EDT 2005
> on 04/28/05 15:23 Kevin Coffman wrote:
> [SNIP]
>
> > The client (auth01.example.dk) thinks that the (ssh) server
> > (hostname?) is in a different realm (PROD.DK.EXAMPLE.NET) and is
> > trying to get a cross-realm ticket. Check the [domain_realm]
> > stanza of your /etc/krb5.conf file on the client and make sure that
> > the ssh server's hostname maps to the correct realm (EXAMPLE.DK).
>
> I checked the krb5.conf on server and client and they seem exactly
> alike to me :(
I see significant differences in the [libdefaults] and [realms] stanzas.
However, the issue is: what does the client think the ssh server's
hostname is? It obviously doesn't think it is xxxx.example.dk.
If you figure out what that is and map the name to the EXAMPLE.DK
realm (in the [domain_realm] stanza) then it should work.
You haven't said what you think the server's hostname is, nor what the
client machine thinks it is.
More information about the Kerberos
mailing list