openssh/mit kerberos and numeric host address

王剑 larkwang at outlook.com
Wed Apr 3 03:14:13 EDT 2013


Hi,

I have set up an MIT Kerberos environment, but I have run into a problem with numeric host address support.

1. The kdc runs on linux server, debian testing latest, openssh 6.0p1, mit kerberos 1.10.1.
2. A DNS A RR points to linux server, as "kdc = xxx"
3. Windows client: Win7 64bit, putty 0.62, kfw-3-2-2
4. MacOS X client: OSX 10.6.x
5. Linux client: debian testing latest
6. In krb5.conf or krb5.ini, "rdns = false" and in ssh_config, "GSSAPITrustDNS = no"
7. The server has a host/ip@REALM principal in kdc and /etc/krb5.keytab

From the Windows and OSX clients, we can log in to the Linux server with "ssh root@ip" by principal, but
from Linux, Kerberos always fails and then falls back to password

"debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address"

At first, I thought it was OpenSSH's problem. But I traced it into ssh_gssapi_init_ctx() and then gss_init_sec_context()
from libgssapi_krb5.so. I cannot afford the time to play with this beast.

Does anyone have a solution?

T.I.A