Kerberos auth based on ticket
Rowley, Mathew
Mathew_Rowley at cable.comcast.com
Tue Dec 16 08:39:37 EST 2008
The hostname includes 'ipa' in it, but IPA is not installed. Sorry for any confusion - it was a box that did, and out of pure laziness, was never re-named.
MAT
MAT
----- Original Message -----
From: Simo Sorce <ssorce at redhat.com>
To: Rowley, Mathew
Cc: kerberos at mit.edu <kerberos at mit.edu>
Sent: Tue Dec 16 08:36:07 2008
Subject: Re: Kerberos auth based on ticket
On Tue, 2008-12-16 at 04:48 -0700, Mathew Rowley wrote:
> Looks like my problem is ‘Server not found in Kerberos database’. So I am
> assuming that I need the server in the kerberos database as well as the
> user... Is that done just like adding a principal?
>
> Sorry, very new to this.
Matthwew, yes, as the freeipa.org (or the Red Hat docs) say you have to
create a principal for the target machine and obtain a keytab for it.
http://freeipa.org/page/ConfiguringRhelClients#Configuring_Client_SSH_Access
The 2 commands to use here are: ipa-addservice and ipa-getkeytab,
given these are custom commands that work only in an ipa context I
suggest you jump on the freeipa-users mailing list if you like.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Kerberos
mailing list