Unable to SSH with Kerberos user

Rocky Hotas rockyhotas at post.com
Sat Jan 25 12:24:56 EST 2020


Sent: Saturday, January 25, 2020 at 5:51 PM
From: "Patrick Marc Preuß" <patrick.preuss at gmail.com>
To: "Rocky Hotas" <rockyhotas at post.com>
Subject: Re: Unable to SSH with Kerberos user

> Hi rocky 
 
Hi :)!

> Have a look into the ssh somewhere around line 115:

> debug1: Next authentication method: gssapi-with-mic
> debug1: Unspecified GSS failure.  Minor code may provide more information
> Server host/xubtest.xexample.intk at XEXAMPLE.INTK not found in Kerberos database
 
> gssapi is selected but not ticket grated due to missing service principal for the server.

Thanks for your patience in looking the logs.
Maybe you meant "granted". Ok! I executed in server `kadmin.local' and:

kadmin.local:  addprinc -randkey host/xubtest.xexample.intk
WARNING: no policy specified for host/xubtest.xexample.intk at XEXAMPLE.INTK; defaulting to no policy
Principal "host/xubtest.xexample.intk at XEXAMPLE.INTK" created.
kadmin.local:  addprinc -randkey host/xubcl1.xexample.intk
WARNING: no policy specified for host/xubcl1.xexample.intk at XEXAMPLE.INTK; defaulting to no policy
Principal "host/xubcl1.xexample.intk at XEXAMPLE.INTK" created.

Hope this is correct. Then, I tried again with ssh, and this is the
result: https://pastebin.com/vDX0Gt67

The error you mentioned is disappeared, but the behaviour is apparently
the same (password required and permission denied even with the correct
password).

> HTH

Yes, of course! Those principals must be created.
 
Thanks,

Rocky




More information about the Kerberos mailing list