OpenSSH won't store credentials
Someone
please at nospam.net
Fri Mar 22 14:15:22 EST 2002
Simon Wilkinson wrote:
> Someone (please at nospam.net) wrote:
>
> : > klist -5
> : klist: No credentials cache found (ticket cache FILE:)
> : > kinit
> : kinit(v5): No credentials cache found when initializing cache
>
> Can you let me know what the KRB5CCNAME environment variable is set
> to on the server. It looks like it may be set to a null or bogus string.
>
> : This is quite annoying and I really don't know why OpenSSH doesn't store
> : my credentials. I even installed a UNIX KDC, thinking that it would be
> : windows 2000 who is playing nasty tricks with me but it doesn't look like.
>
> : Any help would really be appreciated, it could be that I forgot
> : something or I am missing something. If you need more infos like config
> : files just let me know.
>
> From your logs, it looks like you're not doing credential forwarding at
> all, but falling back to the inbuilt krb5 password checking. This appears
> to not be correctly writing out a credentials cache.
>
> If you want to track down the credentials forwarding problem further,
> could you send me privately a copy of the debug logs from the server (with
> -d) and the client (with -v -v), where the client has valid credentials in
> the cache when invoked.
Well that's right, I am trying to do an SSH from a host which isn't
involved at all with Kerberos, that's because I would like when I login
to a kerberized host that SSH fetches for me a ticket and caches it.
Isn't that somehow possible ? For example if i log onto the console
itself of the machine (which runs login.krb5), it's login.krb5 which
fetches for me a ticket and caches it.
If you still need the debugging logs, I will mail them to you on monday,
if that's fine for you.
Thanks for responding so fast
Greetings
More information about the Kerberos
mailing list