Kerberos5 + SSH Questions
B.Candler at pobox.com
Tue Jan 4 05:01:03 EST 2011
On Tue, Jan 04, 2011 at 05:43:22PM +0800, Lee Eric wrote:
> Thanks mate. Is there anything wrong with my configuration file?
I couldn't see anything, but please run the sshd -p99 test I specified. That
will almost certainly tell you in plain English what the problem is.
> Furthermore, how do you create your keytab?
On the target ssh server:

    kadmin -p someone/admin
    addprinc -randkey host/server.example.com

P.S. if for some reason you can't do it there, then do it somewhere else but
write the key out to a different file:

    ktadd -k /tmp/server.example.com.keytab host/server.example.com

Then copy this file to the ssh server as /etc/krb5.keytab

Make sure it is fully protected!

    chown 0:0 /etc/krb5.keytab
    chmod 400 /etc/krb5.keytab

And securely delete the intermediate copy:

    shred -u /tmp/server.example.com.keytab
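
One way to verify the result of the steps above, as an added example that is not part of the original message: a shell function that checks the keytab's owner, group and mode against the chown 0:0 and chmod 400 values and confirms the intermediate copy is gone. The function name check_keytab and its arguments are hypothetical, and it assumes GNU stat (Linux coreutils).

```shell
#!/bin/sh
# Added example (not from the original message): audit a host keytab.
# Usage: check_keytab KEYTAB [UID] [GID] [INTERMEDIATE_COPY]
# UID/GID default to 0, matching "chown 0:0". Assumes GNU stat (coreutils).
check_keytab() {
    kt=$1
    want_uid=${2:-0}
    want_gid=${3:-0}
    tmp_copy=${4:-}
    rc=0

    # Refuse symlinks: the permissions that matter are those of the target.
    if [ -L "$kt" ] || [ ! -f "$kt" ]; then
        echo "FAIL: $kt is missing, a symlink, or not a regular file"
        return 1
    fi

    uid=$(stat -c %u "$kt")
    gid=$(stat -c %g "$kt")
    mode=$(stat -c %a "$kt")

    if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
        echo "FAIL: $kt owned by $uid:$gid, expected $want_uid:$want_gid"
        rc=1
    fi
    # Mode 400: readable by the owner only, writable by nobody.
    if [ "$mode" != "400" ]; then
        echo "FAIL: $kt has mode $mode, expected 400"
        rc=1
    fi
    # The copy written by "ktadd -k" holds the same keys and must be gone.
    if [ -n "$tmp_copy" ] && [ -e "$tmp_copy" ]; then
        echo "FAIL: intermediate copy $tmp_copy still exists"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $kt"
    return "$rc"
}

# When run as a script with arguments, audit the given keytab.
if [ "$#" -gt 0 ]; then
    check_keytab "$@"
fi
```

Run as root on the ssh server, for example with /etc/krb5.keytab as the first argument and the /tmp path used with ktadd -k as the fourth.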