Kerberos5 + SSH Questions
B.Candler at pobox.com
Mon Jan 3 12:54:56 EST 2011
On Mon, Jan 03, 2011 at 09:02:59PM +0800, Lee Eric wrote:
> My server OS is Fedora 14 and the Kerberos version is 1.8.2-6, RPM
> based. I tried to combine SSH with Kerberos but it looks like
> the authentication fails when using Kerberos. Meanwhile, I don't
> know what I did wrong in the configuration file.
> The attachment is the necessary configuration I use.
I didn't see any attachment.
Basic checks are:
* Do you have "GSSAPIAuthentication yes" in /etc/ssh/sshd_config on the
server? (note: not KerberosAuthentication. That is password authentication
checked against the KDC)
* Do you have "GSSAPIAuthentication yes" in /etc/ssh/ssh_config on the
Plus usual kerberos stuff:
* Are your clocks in sync?
* Did the client successfully get a ticket? (kinit)
* Does the server have correct forward and reverse DNS?
To debug this further, I suggest you run a temporary sshd in debugging mode
on a different port on the server:
# /usr/sbin/sshd -d -p99
and on the client:
$ kinit username
$ ssh -p99 -v username@server
Now you should have logs at both the client side and the server side, which
may show what's going wrong.
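
The basic checks from the reply above, collected into a script as an added example that is not part of the original message. It assumes an OpenSSH recent enough to support `sshd -T` and `ssh -G` (both print the effective configuration), MIT `klist -s`, and glibc `getent`; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are illustrative.

# gssapi_state: read an effective-config dump on stdin, as printed by
# `sshd -T` or `ssh -G host` (one "keyword value" per line), and print:
#   ok             gssapiauthentication yes
#   kerberos-only  GSSAPI not enabled but kerberosauthentication yes,
#                  i.e. only password-against-KDC login is configured
#   off            gssapiauthentication no
#   missing        keyword not in the dump (or the command failed)
gssapi_state() {
    awk '
        tolower($1) == "gssapiauthentication"   && !g { g = tolower($2) }
        tolower($1) == "kerberosauthentication" && !k { k = tolower($2) }
        END {
            if (g == "yes")      print "ok"
            else if (k == "yes") print "kerberos-only"
            else if (g == "no")  print "off"
            else                 print "missing"
        }'
}

check_server() { /usr/sbin/sshd -T 2>/dev/null | gssapi_state; }  # on the server, as root
check_client() { ssh -G "$1" 2>/dev/null | gssapi_state; }        # $1 = server name

# dns_roundtrip: forward-resolve $1, reverse-resolve the address, and
# succeed only if the reverse name equals $1 (pass the server's FQDN).
dns_roundtrip() {
    ip=$(getent hosts "$1" | awk 'NR == 1 { print $1 }')
    [ -n "$ip" ] || return 1
    name=$(getent hosts "$ip" | awk 'NR == 1 { print $2 }')
    [ "$name" = "$1" ]
}

# preflight: client-side summary of the checks; $1 = server FQDN.
preflight() {
    echo "client GSSAPI: $(check_client "$1")"
    if klist -s; then echo "ticket: valid"; else echo "ticket: none, run kinit"; fi
    if dns_roundtrip "$1"; then echo "dns: consistent"; else echo "dns: forward/reverse mismatch"; fi
}
```

After sourcing the file, run `check_server` on the server and `preflight` with the server's fully qualified name on the client; clock synchronisation still has to be checked separately.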