Kerberos Digest, Vol 137, Issue 2

[Giuseppe Mazza]

Hi Kenny,

Sorry, I had forgotten to say that
gml.doc.ic.ac.uk is an alias for gm-u1204.doc.ic.ac.uk.

> 
> Shouldn't the kdc for GML.DOC... be "gm-u1204.doc.ic.ac.uk" instead of
> "gml.doc.ic.ac.uk" in your krb5.conf?
> 
> Cheers,
> 
> Kenny.

However I have tried the change you have suggested, i.e.
to change from gml.doc.ic.ac.uk to gm-u1204.doc.ic.ac.uk

root at gm-u1204:~# grep gm-u1204 /etc/krb5.conf
                kdc = gm-u1204.doc.ic.ac.uk
                admin_server = gm-u1204.doc.ic.ac.uk
		master_kdc = gm-u1204.doc.ic.ac.uk

but it does not work.

I have got a ticket:
mazza at gm-u1204:~$ kinit giuseppe at GMW.DOC.IC.AC.UK
Password for giuseppe at GMW.DOC.IC.AC.UK:
mazza at gm-u1204:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1002
Default principal: giuseppe at GMW.DOC.IC.AC.UK

Valid starting     Expires            Service principal
06/05/14 10:44:05  06/05/14 20:44:27
krbtgt/GMW.DOC.IC.AC.UK at GMW.DOC.IC.AC.UK
	renew until 07/05/14 10:44:05

When I try to
mazza at gm-u1204:~$ ssh -vvv giuseppe at gm-u1204

the same error message occurs, i.e.
----
...
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot find KDC for requested realm

debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot find KDC for requested realm
...
----

Thank you all the same,
Giuseppe