kfw & krb5 1.3.1
King Lung Chiu
csklc at farrer.hpc.csiro.au
Sun Feb 8 20:33:39 EST 2004
Hi,
I'm testing out kerberised openssh on cygwin with both krb5 1.3.1 and kfw.
I can use krb5-1.3.1's kinit no problems, and the tgt allows passwordless
ssh from cygwin to a linux machine.
But when I use tgt from kfw's ms2mit, passwordless ssh stops working (ie.
it Basks for a password).
For kfw, I've set krb5.ini so it's the same as krb5.conf from my cygwin
krb5 1.3.1 install. Before running ssh, I also set KRB5CCNAME so it points
to the correct location (klist shows OK).
So my problem is tgt from krb5-1.3.1 is OK, but the tgt from ms2mit does
not seem to work.
Any ideas? (please see below for the ssh -vvv output using the ms2mit tgt)
regards
King Lung Chiu
...
debug1: Authentications that can continue:
publickey,gssapi,password,keyboard-interactive
debug3: start over, passed a different list
publickey,gssapi,password,keyboard-interactive
debug3: preferred gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi
debug1: Next authentication method: gssapi
debug2: we sent a gssapi packet, wait for reply
debug1: Miscellaneous failure
No credentials found with supported encryption types
debug1: Trying to start again
debug2: we sent a gssapi packet, wait for reply
debug1: Authentications that can continue:
publickey,gssapi,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/chi145/.ssh/identity
debug3: no such identity: /home/chi145/.ssh/identity
debug1: Trying private key: /home/chi145/.ssh/id_rsa
debug3: no such identity: /home/chi145/.ssh/id_rsa
debug1: Trying private key: /home/chi145/.ssh/id_dsa
debug3: no such identity: /home/chi145/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
More information about the Kerberos
mailing list