Unable to SSH with Kerberos user
Rocky Hotas
rockyhotas at post.com
Sat Jan 25 12:24:56 EST 2020
Sent: Saturday, January 25, 2020 at 5:51 PM
From: "Patrick Marc Preuß" <patrick.preuss at gmail.com>
To: "Rocky Hotas" <rockyhotas at post.com>
Subject: Re: Unable to SSH with Kerberos user
> Hi rocky
Hi :)!
> Have a look into the ssh somewhere around line 115:
> debug1: Next authentication method: gssapi-with-mic
> debug1: Unspecified GSS failure. Minor code may provide more information
> Server host/xubtest.xexample.intk at XEXAMPLE.INTK not found in Kerberos database
> gssapi is selected but not ticket grated due to missing service principal for the server.
Thanks for your patience in looking the logs.
Maybe you meant "granted". Ok! I executed in server `kadmin.local' and:
kadmin.local: addprinc -randkey host/xubtest.xexample.intk
WARNING: no policy specified for host/xubtest.xexample.intk at XEXAMPLE.INTK; defaulting to no policy
Principal "host/xubtest.xexample.intk at XEXAMPLE.INTK" created.
kadmin.local: addprinc -randkey host/xubcl1.xexample.intk
WARNING: no policy specified for host/xubcl1.xexample.intk at XEXAMPLE.INTK; defaulting to no policy
Principal "host/xubcl1.xexample.intk at XEXAMPLE.INTK" created.
Hope this is correct. Then, I tried again with ssh, and this is the
result: https://pastebin.com/vDX0Gt67
The error you mentioned is disappeared, but the behaviour is apparently
the same (password required and permission denied even with the correct
password).
> HTH
Yes, of course! Those principals must be created.
Thanks,
Rocky
More information about the Kerberos
mailing list