Ssh trouble with forwarding
Donn Cave
donn at u.washington.edu
Tue Sep 2 12:06:26 EDT 2003
In article <1062515739.888.10.camel at Active2>,
matthijs at active2.homelinux.org (Matthijs Mohlmann) wrote:
> On Tue, 2003-09-02 at 05:12, Donn Cave wrote:
> > Quoth matthijs at active2.homelinux.org (Matthijs Mohlmann):
> > ...
> > | Now when i try to login to my ssh service with the following command:
> > | matthijs at Server:~$ ssh -A -K active2.active2.homelinux.org
> > ...
> > | 17612: debug1: Miscellaneous failure
> > | 17612: debug1: No principal in keytab matches desired name
> > |
> > | What does this mean ? I have a
> > | host/active2.active2.homelinux.org at ACTIVE2.HOMELINUX.ORG in my
> > | /etc/krb5.keytab on the ssh-server. I have also a ssh service key in my
> > | keytab (ssh/active2.active2.homelinux.org at ACTIVE2.HOMELINUX.ORG)
> I have my own dns-server for internal network. And my domain is
> active2.homelinux.org. My computers are
> <name>.active2.homelinux.org and all this names are in the dns. I have
> checked what ip every computer is using and it sounds to me as oke
> active2.active2.homelinux.org - 192.168.0.2
> server.active2.homelinux.org - 192.168.0.7
> router.active2.homelinux.org - 192.168.0.1
$ host active2.active2.homelinux.org
active2.active2.homelinux.org is a nickname for active2.homelinux.org
active2.homelinux.org has address 80.126.240.96
active2.homelinux.org mail is handled (pri=5) by active2.homelinux.org
active2.homelinux.org mail is handled (pri=10) by bulletgate.org
$ host 80.126.240.96
96.240.126.80.IN-ADDR.ARPA domain name pointer
a80-126-240-96.adsl.xs4all.nl
There's a limit to what we can tell from here, but believe me,
it will not work until the name the host knows itself by, and
the name in the Kerberos host principal, are the same. This
is the problem you have to solve. If you have access to logs
from the KDC, you can see exactly what the principal name needs
to be.
Donn Cave, donn at u.washington.edu
More information about the Kerberos
mailing list