Kerberos auth based on ticket
Russ Allbery
rra at stanford.edu
Mon Dec 15 20:07:53 EST 2008
Mathew Rowley <mathew_rowley at cable.comcast.com> writes:
> **Shows that there is a ticket
> [mrowley at ipa01 ~]$ klist
> Ticket cache: FILE:/tmp/krb5cc_502_WaiNgJ
> Default principal: mrowley at IPA.COMCAST.COM
>
> Valid starting Expires Service principal
> 12/15/08 19:52:10 12/16/08 05:52:10 krbtgt/IPA.COMCAST.COM at IPA.COMCAST.COM
> renew until 12/15/08 19:52:10
You have no service ticket for the host, so GSSAPI authentication was
never even attempted by the client.
ssh -vvv may help in figuring out why that's the case.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list