Kerberos auth based on ticket

Rowley, Mathew Mathew_Rowley at cable.comcast.com
Tue Dec 16 08:39:37 EST 2008


The hostname includes 'ipa' in it, but IPA is not installed. Sorry for any confusion - it was a box that did, and out of pure laziness, was never re-named. 

MAT


MAT

----- Original Message -----
From: Simo Sorce <ssorce at redhat.com>
To: Rowley, Mathew
Cc: kerberos at mit.edu <kerberos at mit.edu>
Sent: Tue Dec 16 08:36:07 2008
Subject: Re: Kerberos auth based on ticket

On Tue, 2008-12-16 at 04:48 -0700, Mathew Rowley wrote:
> Looks like my problem is ‘Server not found in Kerberos database’.  So I am
> assuming that I need the server in the kerberos database as well as the
> user... Is that done just like adding a principal?
> 
> Sorry, very new to this.

Matthwew, yes, as the freeipa.org (or the Red Hat docs) say you have to
create a principal for the target machine and obtain a keytab for it.

http://freeipa.org/page/ConfiguringRhelClients#Configuring_Client_SSH_Access

The 2 commands to use here are: ipa-addservice and ipa-getkeytab,
given these are custom commands that work only in an ipa context I
suggest you jump on the freeipa-users mailing list if you like.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York





More information about the Kerberos mailing list