Kerberos auth based on ticket

Russ Allbery rra at
Mon Dec 15 19:01:17 EST 2008

Mathew Rowley <mathew_rowley at> writes:

> Well, that would make sense... Looking at the sshd and ssh configurations,
> it seems to be enabled on both.  Is there some configuration I am missing?
> [root at ipa01 ~]# grep -i GSSAPI  /etc/ssh/ssh_config
>         GSSAPIAuthentication yes
> [root at ipa01 ~]# grep -i GSSAPI  /etc/ssh/sshd_config
> # GSSAPI options
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials yes

Your original pasted example showed you ssh'ing to user at localhost.  Unless
you have a key for localhost in your keytab, that probably isn't going to
work.  ssh authenticates to the hostname that you type on the command

Russ Allbery (rra at             <>

More information about the Kerberos mailing list