Server passing IP instead of FQDN to Kerberos (during SSH GSSAPI)
Mathew Rowley
mathew_rowley at cable.comcast.com
Wed Mar 11 19:34:32 EDT 2009
When trying to ssh with a Kerberos ticket (with GSSAPI enabled and working)
to a RH4 box, I get the following error from ssh:
...
debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Server not found in Kerberos database
debug1: Unspecified GSS failure. Minor code may provide more information
Server not found in Kerberos database
...
When looking at the krb5kdc.log I see:
Mar 11 22:59:09 kdc01.security.lab.comcast.net krb5kdc[17694](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.252.152.78: UNKNOWN_SERVER: authtime 1236809289, red@COMCAST.NET for host/10.252.152.77@COMCAST.NET, Server not found in Kerberos database
krb5kdc: Interrupted system call - while selecting for network input(1)
It seems like the box I am trying to ssh to is sending 'host/10.242.142.77'
instead of what I expected, 'host/rsa01.security.lab.comcast.net'. Does
anyone have any idea why this would be happening? I have the exact same
configurations on RH5 boxes that will work properly and send host/FQDN...
Thanks.
--
MAT
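
Added example, not part of the original post: a check that scans krb5kdc.log lines of the kind quoted above and flags UNKNOWN_SERVER failures where the requested service principal is host/<IP literal> rather than host/<hostname>. The sample lines, realm and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# krb5kdc TGS_REQ failure layout, as in the log line quoted in the post:
# TGS_REQ (N etypes {..}) <addr>: <STATUS>: authtime <t>, <client> for <service>, <text>
TGS_RE = re.compile(
    r"TGS_REQ \(\d+ etypes \{[\d ]+\}\) (?P<addr>\S+): (?P<status>[A-Z_]+): "
    r"authtime (?P<authtime>\d+),\s+(?P<client>\S+) for (?P<service>[^,]+),"
)

# Constructed sample lines (documentation addresses, made-up realm and hosts).
SAMPLE_LOG = [
    "Mar 11 22:59:09 kdc01.example.test krb5kdc[17694](info): TGS_REQ (7 etypes "
    "{18 17 16 23 1 3 2}) 192.0.2.78: UNKNOWN_SERVER: authtime 1236809289, "
    "alice@EXAMPLE.TEST for host/192.0.2.77@EXAMPLE.TEST, "
    "Server not found in Kerberos database",
    "Mar 11 23:01:40 kdc01.example.test krb5kdc[17694](info): TGS_REQ (7 etypes "
    "{18 17 16 23 1 3 2}) 192.0.2.78: UNKNOWN_SERVER: authtime 1236809289, "
    "alice@EXAMPLE.TEST for host/rsa01@EXAMPLE.TEST, "
    "Server not found in Kerberos database",
    "krb5kdc: Interrupted system call - while selecting for network input(1)",
]

def parse_tgs_req(line):
    """Return the fields of a TGS_REQ failure line, or None if it is another kind of line."""
    m = TGS_RE.search(line)
    return m.groupdict() if m else None

def ip_literal_host(service):
    """Return the address if the principal is host/<IPv4 or IPv6>@REALM, else None."""
    parts = service.split("@", 1)[0].split("/")
    if len(parts) != 2 or parts[0] != "host":
        return None
    try:
        return str(ipaddress.ip_address(parts[1]))
    except ValueError:
        return None  # second component is a hostname, not an address

def flag_ip_principals(lines):
    """List (client, service, ip) for UNKNOWN_SERVER requests that named host/<IP>."""
    findings = []
    for line in lines:
        rec = parse_tgs_req(line)
        if rec and rec["status"] == "UNKNOWN_SERVER":
            ip = ip_literal_host(rec["service"])
            if ip:
                findings.append((rec["client"], rec["service"], ip))
    return findings
```

Only the first sample line is flagged: the second fails for a hostname that is simply missing from the database, which is a different problem from an address ending up in the principal name.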