Need help on GSSFTP

Douglas E. Engert deengert at anl.gov
Wed Sep 19 10:11:10 EDT 2007



tetsu.soh at nts.ricoh.co.jp wrote:

> 530 GSSAPI user root/admin at TEST.COM is not authorized as tetsu; Access
> denied.
> Login failed.
> 
>

As Markus pointed out you need a .k5login

But root does not normally have a Kerberos principal, as root
is more machine specific with each machine having root but root
on one is not related to root on another.

Most Kerberos commands will let you use different local username
and kerberos principals. like ssh with gssapi, ssh -l username host
will use your kerberos tickets with your principal th login
to host with the username. In this case the ~username/.k5login
should contain a line with your principal.   Think of the .k5login
as the ACL for access to the account.




> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444



More information about the Kerberos mailing list