SSH issue
Douglas E. Engert
deengert at anl.gov
Tue Jan 17 14:12:32 EST 2006
Marcel Koopmans wrote:
> Hello Klaas,
>
> hephaestus runs MacOSX 10.4.4 so the /etc/krb5.conf file is named
> /Library/Preferences/edu.mit.Kerberos but it looks ok
>
> [libdefaults]
> default_realm = HOME.ELYSIUM-OS.NL
>
> [realms]
> HOME.ELYSIUM-OS.NL = {
> kdc = zeus.home.elysium-os.nl:88
> admin_server = zeus.home.elysium-os.nl:749
> default_domain = home.elysium-os.nl
> }
>
> [domain_realm]
> home.elysium-os.nl = HOME.ELYSIUM-OS.NL
> .home.elysium-os.nl = HOME.ELYSIUM-OS.NL
>
>
> On zeus /etc/krb5.conf also looks ok
>
>
> [libdefaults]
> default_realm = HOME.ELYSIUM-OS.NL
>
> [realms]
> HOME.ELYSIUM-OS.NL = {
> kdc = kerberos.home.elysium-os.nl:88
> admin_server = kerberos.home.elysium-os.nl:749
> default_domain = home.elysium-os.nl
> }
>
> [domain_realm]
> home.elysium-os.nl = HOME.ELYSIUM-OS.NL
> .home.elysium-os.nl = HOME.ELYSIUM-OS.NL
>
> [logging]
> kdc = FILE:/var/log/kerberos.log
> admin_server = FILE:/var/log/kerberos.log
> default = FILE:/var/log/kerberos.log
>
>
> In the logfile of the KDC it shows
>
>
> Jan 17 19:16:48 zeus krb5kdc[2170](info): TGS_REQ (7 etypes {18 17 16 23
> 1 3 2}) 172.20.1.5: UNKNOWN_SERVER: authtime 1137492150,
> marcel at HOME.ELYSIUM-OS.NL for krbtgt/ELYSIUM-OS.NL at HOME.ELYSIUM-OS.NL,
> Server not found in Kerberos database
The client is trying to do cross-realm, and the first step is to try
and get a TGT up one level in the path. The client is not determining the
realm of the server to be in the same realm as the client.
Look at DNS, /etc/resolv.conf and /etc/host files. Fully qualify the hostname
on the ssh command line.
>
>
> I do not get a ticket for zeus.
> If server zeus is unknown then why does it work just fine from hades??
> If there is something wrong on hephaestus why does ssh to hades work??
>
> with kind regards,
> Marcel
>
>
>
> Klaas Hagemann wrote:
>
>> Hi marcel,
>>
>> check the domain-realm mapping in /etc/krb5.conf, maybe something
>> there is wrong.
>> then you can monitor krb5kdc.log while trying to access zeus and see
>> what's going on.
>>
>> does principal marcel get a service ticket for zeus?
>>
>> - Klaas
>>
>> Marcel Koopmans wrote:
>>
>>
>>
>>> Hello everybody,
>>>
>>> I have an issue with ssh to another computer
>>> I use 3 computers,
>>>
>>> 1 zeus, the KDC that has sshd running
>>> 2 hades, server that has sshd running
>>> 3 hephaestus, a workstation, no sshd.
>>>
>>> On hephaestus principal marcel gets its TGT.
>>> ssh to hades works just fine, no password is required.
>>> ssh to zeus fails, in the debug data from ssh I find "Server not
>>> found in Kerberos database".
>>> but...
>>> login on hades and ssh to zeus does work fine.
>>> also login on hephaestus ssh to hades and then ssh to zeus works fine.
>>>
>>> any ideas??
>>>
>>> with kind regards,
>>> Marcel
>>>
>>> ------------------------------------------------------------------------
>>>
>>> ________________________________________________
>>> Kerberos mailing list Kerberos at mit.edu
>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>
>>>
>>>
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
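
Added example, not part of the original message and not MIT Kerberos code: a small model of the host-to-realm decision discussed above, using the `[domain_realm]` section quoted in the thread. The fallback for unmatched names (DNS domain in upper case), the simplified first-request logic, and the candidate hostnames other than `zeus.home.elysium-os.nl` are assumptions made for illustration.

```python
# Added example: [domain_realm] lookup modelled on the krb5.conf quoted above.
DOMAIN_REALM = {  # copied from the thread's [domain_realm] section
    "home.elysium-os.nl": "HOME.ELYSIUM-OS.NL",
    ".home.elysium-os.nl": "HOME.ELYSIUM-OS.NL",
}
DEFAULT_REALM = "HOME.ELYSIUM-OS.NL"


def host_realm(host, mapping=DOMAIN_REALM, default=DEFAULT_REALM):
    """Return (realm, reason) for the name the resolver handed back."""
    name = host.lower().rstrip(".")
    cand = name
    while cand:
        if cand in mapping:
            return mapping[cand], "domain_realm entry '%s'" % cand
        if cand.startswith("."):
            cand = cand[1:]                          # ".a.b" -> "a.b"
        else:
            dot = cand.find(".")
            cand = cand[dot:] if dot != -1 else ""   # "h.a.b" -> ".a.b"
    # Assumption: no entry matched, so fall back to the DNS domain in upper case.
    if "." in name:
        return name.split(".", 1)[1].upper(), "fallback: DNS domain upper-cased"
    return default, "fallback: default_realm"


def first_tgs_request(client_realm, host):
    """Principal the client asks the KDC for first (simplified)."""
    realm, reason = host_realm(host)
    if realm == client_realm:
        return "host/%s@%s" % (host.lower(), realm), reason
    # Different realm: a cross-realm TGT is requested before any host ticket.
    return "krbtgt/%s@%s" % (realm, client_realm), reason


if __name__ == "__main__":
    # Constructed candidate names; only the first appears in the thread.
    for h in ("zeus.home.elysium-os.nl", "zeus.elysium-os.nl", "zeus"):
        princ, reason = first_tgs_request(DEFAULT_REALM, h)
        print("%-26s -> %-45s (%s)" % (h, princ, reason))
```

Run it against the name that forward and reverse lookups on the client actually return for the server; a result starting with `krbtgt/` corresponds to the cross-realm TGS_REQ shown in the KDC log.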