Kerberos auth based on ticket

Russ Allbery rra at stanford.edu
Mon Dec 15 20:07:53 EST 2008


Mathew Rowley <mathew_rowley at cable.comcast.com> writes:

> **Shows that there is a ticket
> [mrowley at ipa01 ~]$ klist
> Ticket cache: FILE:/tmp/krb5cc_502_WaiNgJ
> Default principal: mrowley at IPA.COMCAST.COM
>
> Valid starting     Expires            Service principal
> 12/15/08 19:52:10  12/16/08 05:52:10  krbtgt/IPA.COMCAST.COM at IPA.COMCAST.COM
>         renew until 12/15/08 19:52:10

You have no service ticket for the host, so GSSAPI authentication was
never even attempted by the client.

ssh -vvv may help in figuring out why that's the case.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list