Kerberos auth based on ticket

Russ Allbery rra at
Mon Dec 15 20:07:53 EST 2008

Mathew Rowley <mathew_rowley at> writes:

> **Shows that there is a ticket
> [mrowley at ipa01 ~]$ klist
> Ticket cache: FILE:/tmp/krb5cc_502_WaiNgJ
> Default principal: mrowley at IPA.COMCAST.COM
> Valid starting     Expires            Service principal
> 12/15/08 19:52:10  12/16/08 05:52:10  krbtgt/IPA.COMCAST.COM at IPA.COMCAST.COM
>         renew until 12/15/08 19:52:10

You have no service ticket for the host, so GSSAPI authentication was
never even attempted by the client.

ssh -vvv may help in figuring out why that's the case.

Russ Allbery (rra at             <>

More information about the Kerberos mailing list