How to get sshd w/ Kerberos on Mac OSX working
Michael B Allen
mba2000 at ioplex.com
Wed Jun 14 18:18:15 EDT 2006
What do you have to do to get sshd to do Kerberos on Mac OSX?
I created an /etc/krb5.keytab and tried adding GSSAPIAuthentication yes to
/etc/sshd_config but from looking at captures it doesn't even try anything
remotely Kerberos related. I always get prompted for a password. I can ssh
to a linux machine in the same enviroment and it works perfectly. Using
otool -L I can see sshd is linked with the Kerberos Framework.
The log messages are:
Jun 14 17:47:15 mini xinetd[1290]: service ssh, IPV6_ADDRFORM setsockopt() failed: Protocol not available (errno = 42)
Jun 14 17:47:15 mini xinetd[1290]: START: ssh pid=1325 from=192.168.2.16
Jun 14 17:47:15 mini sshd[1325]: Generating 768 bit RSA key.
Jun 14 17:47:15 mini sshd[1325]: RSA key generation complete.
Jun 14 17:47:15 mini sshd[1325]: Connection from 192.168.2.16 port 34541
Jun 14 17:47:15 mini sshd[1325]: reverse mapping checking getaddrinfo for quark.foo.net failed - POSSIBLE BREAKIN ATTEMPT!
Jun 14 17:47:15 mini sshd[1325]: Failed none for miallen from 192.168.2.16 port 34541 ssh2
That "reverse mapping" error is bogus. I have a perfectly good reverse
zone. From looking at captures it appear to do an IPv6 lookup and then
gives up. If it had tried a standard lookup it would have found the name.
Any ideas?
Mike
--
Michael B Allen
PHP Extension for SSO w/ Windows Group Authorization
http://www.ioplex.com/
More information about the Kerberos
mailing list