krb5+Ubuntu (maverick, jaunty (LTS))+ssh
Brian Candler
B.Candler at pobox.com
Sun Nov 21 13:46:17 EST 2010
On Sat, Nov 20, 2010 at 10:45:31PM +0100, Thomas Schweikle wrote:
> Something about no GSSAPI environment. I'll post the whole thing
> Tomorrow --- I'll need access to the systems.
Another trick is to run another instance of sshd, on another port, in debug
mode: e.g.
# sshd -p 99 -d
Then when you ssh -v -p 99 <user>@<hostname> you will also get debug output
from the server side.
You need 'GSSAPIAuthentication yes' in /etc/ssh/sshd_config at the server
side, but presumably you have that as some of the combinations do work.
(Not 'KerberosAuthentication yes' - that just does password authentication
with the KDC as the password oracle)
HTH,
Brian.
More information about the Kerberos
mailing list