Kerberos5 + SSH Questions
Lee Eric
openlinuxsource at gmail.com
Tue Jan 4 05:05:46 EST 2011
Hi mate, I have pasted the configuration file already. Here's the
link: http://mailman.mit.edu/pipermail/kerberos/2011-January/016849.html.
Thanks.
Eric
On Tue, Jan 4, 2011 at 6:01 PM, Brian Candler <B.Candler at pobox.com> wrote:
> On Tue, Jan 04, 2011 at 05:43:22PM +0800, Lee Eric wrote:
>> Thanks mate. Is there anything wrong with my configuration file?
>
> I couldn't see anything, but please run the sshd -p99 test I specified. That
> will almost certainly tell you in plain English what the problem is.
>
>> furthermore, how do you create your keytab?
>
> On the target ssh server:
>
> kadmin -p someone/admin
> addprinc -randkey host/server.example.com
> ktadd host/server.example.com
> ^D
>
> Regards,
>
> Brian.
>
> P.S. if for some reason you can't do it there, then do it somewhere else but
> write the key out to a different file:
>
> ktadd -k /tmp/server.example.com.keytab host/server.example.com
>
> Then copy this file to the ssh server as /etc/krb5.keytab
>
> Make sure it is fully protected!
> chown 0:0 /etc/krb5.keytab
> chmod 400 /etc/krb5.keytab
>
> And securely delete the intermediate copy:
> shred -u /tmp/server.example.com.keytab
>
More information about the Kerberos
mailing list