help with Active Directory Kerberos authentication
Russ Allbery
rra at stanford.edu
Tue Oct 10 19:11:28 EDT 2006
Rohit Kumar Mehta <rohitm at engr.uconn.edu> writes:
> Thanks Russ, I think you might have found something.
> I did the command you suggested ssh -ddd 2>/tmp/err.txt
> and found an interesting message in the long file it created.
> debug1: Miscellaneous failure
> No principal in keytab matches desired name.
> My krb5.keytab looks like this:
> nfsv4etch:~# ktutil
> ktutil: rkt /etc/krb5.keytab
> ktutil: l
> slot KVNO Principal
> ---- ----
> ---------------------------------------------------------------------
> 1 4 host/nfsv4etch.engr.uconn.edu at AD.ENGR.UCONN.EDU
> Does that look like it's generated properly?
I've run into this problem before (not with AD, but with MIT Kerberos) and
haven't been able to figure out what was causing it. My theory was some
sort of realm configuration mismatch, but I'm not at all sure.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list