Kerberos5 + SSH Questions
Lee Eric
openlinuxsource at gmail.com
Tue Jan 4 06:23:59 EST 2011
Hi mate,
[root@herdingcat ericlee]# ktutil
ktutil: rkt /etc/krb5.keytab
ktutil: l -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (AES-256 CTS mode with 96-bit SHA-1 HMAC)
   2    2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
   3    2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (Triple DES cbc mode with HMAC/sha1)
   4    2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (ArcFour with HMAC/md5)
   5    2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (DES with HMAC/sha1)
   6    2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (DES cbc mode with RSA-MD5)
ktutil: [root@herdingcat ericlee]#
Yes, it was copy-pasted. So is there anything wrong?
Eric
On Tue, Jan 4, 2011 at 7:16 PM, Brian Candler <B.Candler at pobox.com> wrote:
> On Tue, Jan 04, 2011 at 06:57:20PM +0800, Lee Eric wrote:
>> debug1: Unspecified GSS failure. Minor code may provide more information
>> Key table entry not found
>
> Aha, that's your problem. What does the following show?
>
> # ktutil
> rkt /etc/krb5.keytab
> l -e
> ^D
>
> And what does 'klist' on the client show, after you've attempted to ssh?
>
>> So I notice that it was due to the SSH server side not being able to find
>> the keytab, but it exists in /etc/krb5.keytab:
>> -r--------. 1 root root 526 Jan 3 00:58 /etc/krb5.keytab
>
> It can find the keytab, but it can't find the right entry in the keytab.
>
> BTW, was that copy-pasted? I've never seen a '.' after the mode bits before.
>
> Regards,
>
> Brian.
>
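Added example, not part of the original thread: a small Python check for the distinction Brian draws above, a keytab that is readable but holds no entry matching what the client's ticket names. It parses a `ktutil` `l -e` listing (rejoining rows wrapped by a mail client) and reports whether a wanted principal and KVNO are present. The function names, the sample listing and the wanted values are assumptions constructed for illustration.

```python
import re

# Constructed sample in the shape of the listing in the message above,
# with two rows wrapped onto a second line as a mail client would do.
SAMPLE = """\
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (AES-256 CTS
mode with 96-bit SHA-1 HMAC)
   2    2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (ArcFour
with HMAC/md5)
"""

# slot, kvno, principal, then the enctype description in parentheses
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+\((.*)\)\s*$")


def parse_listing(text):
    """Return [(kvno, principal, enctype)], rejoining wrapped rows."""
    rows, pending = [], ""
    for line in text.splitlines():
        if not line.strip() or line.startswith(("slot", "----", "ktutil:")):
            continue  # header, separator, prompt or blank line
        pending = (pending + " " + line.strip()).strip()
        m = ROW.match(pending)
        if m:  # row is complete once the closing parenthesis has arrived
            rows.append((int(m.group(2)), m.group(3), m.group(4)))
            pending = ""
    return rows


def diagnose(rows, wanted, kvno=None):
    """Return (status, detail) for a lookup of `wanted` at `kvno` (None = any)."""
    named = [r for r in rows if r[1] == wanted]
    if not named:
        service = wanted.split("/", 1)[0]
        # Show which principals for the same service are present instead.
        present = sorted({p for _, p, _ in rows if p.split("/", 1)[0] == service})
        return "principal-missing", present
    if kvno is not None and all(k != kvno for k, _, _ in named):
        return "kvno-mismatch", sorted({k for k, _, _ in named})
    return "ok", sorted({e for _, _, e in named})


if __name__ == "__main__":
    rows = parse_listing(SAMPLE)
    # Constructed "wanted" values standing in for what the client's ticket names.
    print(diagnose(rows, "host/ns.herdingcat.internal@HERDINGCAT.INTERNAL", 2))
    print(diagnose(rows, "host/other.herdingcat.internal@HERDINGCAT.INTERNAL"))
```

A `principal-missing` or `kvno-mismatch` result on a readable keytab corresponds to the "Key table entry not found" situation described in the reply.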