Need help on GSSFTP
Markus Moeller
huaraz at moeller.plus.com
Tue Sep 18 18:35:33 EDT 2007
You need to add to .k5login in the home directory of tetsu the entry
root/admin at TEST.COM in addition to tetsu at TEST.COM (assuming both (root/admin
and testu want to login to the tetsu account) .
Markus
<tetsu.soh at nts.ricoh.co.jp> wrote in message
news:OF1F6F946F.E87F8C4F-ON4925735A.0026A93D-4925735A.0028929E at nts.ricoh.co.jp...
> Hello everyone,
> I am a newbie to Kerberos and also to Linux. So please forgive me for my
> ignorance.
>
> I met a problem when i try to use gssftp distributed with krb5-1.6.2.
>
> I'm using ubuntu7.04, and I set up KDC and ftp server both on a same linux
> box.
>
> My problem is that I succeeded on authentication, but failed on
> authorization.
>
> Here is the system output:
>
> Connected to ftp.test.com.
> 220 tetsu-ubuntu FTP server (Version 5.60) ready.
> 334 Using authentication type GSSAPI; ADAT must follow
> GSSAPI accepted as authentication type
> GSSAPI authentication succeeded
> Name (ftp.test.com:tetsu):
> 530 GSSAPI user root/admin at TEST.COM is not authorized as tetsu; Access
> denied.
> Login failed.
>
> I have no idea on how to configure where gssftp to authorize to.
> I had setup a LDAP server and use it as back-end kerberos database.
> However, I found
> that it has little effect with the gssftp. Whether or not I setup the LDAP
> server, always
> got the same error message as shown above.
>
> I did man ftpd and googled, but found little. So I hope I can get some
> advice here.
>
> Thanks in advance.
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list