Help: noaddresses help

Jeet Joshi jeetjoshi4u at gmail.com
Thu Mar 6 01:12:33 EST 2008


Hi Ken,
Thanks for the reply.
Here are some details:


> If you run "klist" after a successful ssh from the same network, and
> the unsuccessful attempt from the other network, preferably after
> getting new tickets in both cases, you do get the same service
> principal listed?  (Is the machine on the same network the same
> machine as the ssh server?)


OK, here may be the problem: I am not getting any service ticket on the
other network's ssh client. klist gives just the krbtgt/EXAMPLE.COM ticket. But in
the same network (on the gateway) I am getting the host/sshd.example.com ticket
for ssh, and so I can log in without any password.
(I can get access from the same network; to check this I am
performing ssh from the gateway PC.)



> "Wrong principal in request" generally means there was a specific
> server principal name that the server was expecting, and a different
> one was used by the client for some reason.  Sometimes that can be
> caused by different names for the same host or address (e.g., /etc/
> hosts on different machines lists different "primary" names for the
> address and/or different sets of addresses).


The contents of my /etc/hosts are the same on all three PCs I am using.
Can there be any problem as I am storing the other network's private IP address
in /etc/hosts?



> You asked about NAT in your earlier message.  Are you using NAT
> between the networks in this case, or was that a separate issue?


Yes, I am using SNAT on the gateway.

Let me explain the setup that I have.
I am currently testing on 3 PCs.
My outer network is 192.168.0.0/24 and the inner network is 192.168.20.0/24.
The gateway PC has IP addresses 192.168.0.4 and 192.168.20.1 respectively.


Now all my port 88 and port 22 traffic is forwarded to address
192.168.20.20 on the respective port. My SSH and KDC are running on the
same PC inside the network.


At the client I am using
ssh 192.168.0.4
It is asking me for the password for root at 192.168.0.4
When I enter the password of the inner m/c then access is granted to me for the inner PC
not the gateway, which I was looking for without a password.


So, kindly awaiting a reply.


Thanks
Jeet
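
The comparison Ken asks for in the quoted text (the service principals shown by `klist` after the working and the failing ssh attempt), as an added example that is not part of the original message: it parses two `klist` outputs and reports which `host/` tickets each cache holds. The sample outputs are constructed in MIT `klist` layout with a made-up `user@EXAMPLE.COM` principal, and the function names are hypothetical.

```python
# Constructed sample outputs in MIT klist layout; not captured from the poster's machines.
KLIST_GATEWAY = """\
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user@EXAMPLE.COM

Valid starting     Expires            Service principal
03/06/08 00:50:11  03/06/08 10:50:11  krbtgt/EXAMPLE.COM@EXAMPLE.COM
\trenew until 03/07/08 00:50:11
03/06/08 00:51:02  03/06/08 10:50:11  host/sshd.example.com@EXAMPLE.COM
\trenew until 03/07/08 00:50:11
"""

KLIST_OUTER = """\
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user@EXAMPLE.COM

Valid starting     Expires            Service principal
03/06/08 00:55:40  03/06/08 10:55:40  krbtgt/EXAMPLE.COM@EXAMPLE.COM
"""


def service_principals(klist_text):
    """Return the service principals listed in klist output, in order."""
    principals, in_table = [], False
    for line in klist_text.splitlines():
        if "Service principal" in line:
            in_table = True          # ticket rows start after this header
            continue
        # Continuation rows ("renew until", "Flags:") are indented; skip them.
        if not in_table or not line.strip() or line[0].isspace():
            continue
        principals.append(line.split()[-1])
    return principals


def split_principal(principal):
    """Split 'service/host@REALM' into (service, host, realm)."""
    name, sep, realm = principal.rpartition("@")
    if not sep:                      # no realm shown
        name, realm = principal, None
    service, _, host = name.partition("/")
    return service, host or None, realm


def compare_caches(working, failing, service="host"):
    """Report which tickets for `service` appear in each of two caches."""
    pick = lambda text: {p for p in service_principals(text)
                         if split_principal(p)[0] == service}
    ok, bad = pick(working), pick(failing)
    return {"only_in_working": sorted(ok - bad),
            "only_in_failing": sorted(bad - ok),
            "common": sorted(ok & bad)}
```

An empty `only_in_failing` list together with a non-empty `only_in_working` list corresponds to the situation described in the message: the failing client never obtained a `host/` ticket at all, rather than obtaining one under a different name.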


