Problems using kerberos with ssh.
Fernando.SCamargo@mercantil.com.br
Fernando.SCamargo at mercantil.com.br
Thu Aug 26 13:37:20 EDT 2004
Hello people,
I configured kerberos in Linux using the defaults packages at Linux Fedora
Core 1, the packages that i installed is krb5-libs ,krb5-workstation
,krb5-server and pam_krb5.
This works perfectly when i telnet and normal logon but this doesnt work
when i use it with ssh.
I marked the option at sshd_config configuration file use the kerberos
authentication but this doesnt work, sshd always prompt to login using
/etc/passwd.
What should i have to do to make it work?
Will i have to install more packages?( i saw some people saying to use
afs)
Anyone here have ssh + kerberos working in Linux?
Thanks..From tillman at seekingfire.com Thu Aug 26 16:20:59 2004
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
[18.7.21.83])
by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i7QKKwWM013726
for <kerberos at PCH.mit.edu>; Thu, 26 Aug 2004 16:20:59 -0400 (EDT)
Received: from mail.seekingfire.com (coyote.seekingfire.com [24.72.10.212])
i7QKKuua003795
for <kerberos at mit.edu>; Thu, 26 Aug 2004 16:20:56 -0400 (EDT)
Received: by mail.seekingfire.com (Postfix, from userid 500)
id C5E4F7D; Thu, 26 Aug 2004 14:20:55 -0600 (CST)
Date: Thu, 26 Aug 2004 14:20:55 -0600
From: Tillman Hodgson <tillman at seekingfire.com>
To: kerberos at mit.edu
Message-ID: <20040826202055.GE22622 at seekingfire.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
X-GPG-Key-ID: 828AFC7B
X-GPG-Fingerprint: 5584 14BA C9EB 1524 0E68 F543 0F0A 7FBC 828A FC7B
X-GPG-Key: http://www.seekingfire.com/gpg_key.asc
X-Urban-Legend: There is lots of hidden information in headers
User-Agent: Mutt/1.5.6i
Subject: Migrating database between architectures: "Stored master key is
corrupted"
X-BeenThere: kerberos at mit.edu
X-Mailman-Version: 2.1
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Help: <mailto:kerberos-request at mit.edu?subject=help>
List-Post: <mailto:kerberos at mit.edu>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request at mit.edu?subject=subscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request at mit.edu?subject=unsubscribe>
X-List-Received-Date: Thu, 26 Aug 2004 20:20:59 -0000
Howdy,
I'm attempting to move an MIT krb5 database from an older Intel
(32-bit x86) machine running FreeBSD -current and krb5-1.3.4 to a
SparcStation 10 (32-bit Sparc) running NetBSD -current
mit-krb5-1.3.4nb1.
I believe that everything is working as far as the infrastructure is
concerned (boot scripts, etc), but I'm unable to start the kdc daemon on
the sparc:
[root at surya /var/krb5kdc]# cat /var/log/krb5kdc.log
krb5kdc: Stored master key is corrupted - while fetching master key K/M for realm (blah ...)
I've scp'ed the master key across, and md5'ed it to confirm that it
arrived undamaged. It looks fine.
Is there a chance that the problem is with endianness? Assuming that it
is, is there a way to convert the stashed master key?
TIA for your time and assistance,
- Tillman
--
Page 38: Be sure that, in the excitement of creating a totally rad
password, you resist the temptation to tell someone just to show off how
smart you are.
- Harley Hahn, _The Unix Companion_
More information about the Kerberos
mailing list