kfw & krb5 1.3.1

King Lung Chiu csklc at farrer.hpc.csiro.au
Sun Feb 8 20:33:39 EST 2004 

Hi,

I'm testing out kerberised openssh on cygwin with both krb5 1.3.1 and kfw.

I can use krb5-1.3.1's kinit no problems, and the tgt allows passwordless 
ssh from cygwin to a linux machine.

But when I use tgt from kfw's ms2mit, passwordless ssh stops working (ie. 
it Basks for a password).

For kfw, I've set krb5.ini so it's the same as krb5.conf from my cygwin 
krb5 1.3.1 install. Before running ssh, I also set KRB5CCNAME so it points 
to the correct location (klist shows OK).

So my problem is tgt from krb5-1.3.1 is OK, but the tgt from ms2mit does 
not seem to work.

Any ideas? (please see below for the ssh -vvv output using the ms2mit tgt)

regards

King Lung Chiu


...
debug1: Authentications that can continue: 
publickey,gssapi,password,keyboard-interactive
debug3: start over, passed a different list 
publickey,gssapi,password,keyboard-interactive
debug3: preferred gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi
debug1: Next authentication method: gssapi
debug2: we sent a gssapi packet, wait for reply
debug1: Miscellaneous failure
No credentials found with supported encryption types

debug1: Trying to start again
debug2: we sent a gssapi packet, wait for reply
debug1: Authentications that can continue: 
publickey,gssapi,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/chi145/.ssh/identity
debug3: no such identity: /home/chi145/.ssh/identity
debug1: Trying private key: /home/chi145/.ssh/id_rsa
debug3: no such identity: /home/chi145/.ssh/id_rsa
debug1: Trying private key: /home/chi145/.ssh/id_dsa
debug3: no such identity: /home/chi145/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

More information about the Kerberos mailing list