still have password authentication with ssh

Nils Achtergarde n.achtergarde at media-net.de
Mon Jul 23 12:15:07 EDT 2007 

I'm sorry for the confusion, but the nils-PC was from an old
installation. So no from scratch:

I'm getting password authentification, allthough I've installed kerberos.
So what am I missing?

The kdc and admin--server is called filebase.bfk.loc, the ssh-server is
called kerb-server.fra.loc and the ssh-client kerb-client.fra.loc.
The user is called nils. The realm is called BFK.LOC

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The debug on the ssh-server:

Jul 23 15:58:09 kerb-server sshd[3215]: Connection from ::ffff:10.0.0.90
port 50968
Jul 23 15:58:09 kerb-server sshd[3185]: debug1: Forked child 3215.
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: Client protocol version
2.0; client software version OpenSSH_3.8.1p1  Debian-krb5 3.8.1p1-10
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: match: OpenSSH_3.8.1p1 
Debian-krb5 3.8.1p1-10 pat OpenSSH*
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: Enabling compatibility
mode for protocol 2.0
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: Local version string
SSH-2.0-OpenSSH_3.8.1p1  Debian-krb5 3.8.1p1-10
Jul 23 15:58:09 kerb-server sshd[3215]: debug2: Network child is on pid 3216
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: Miscellaneous failure No
principal in keytab matches desired name
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: Miscellaneous failure No
principal in keytab matches desired name
Jul 23 15:58:09 kerb-server sshd[3215]: debug2: monitor_read: 0 used
once, disabling now
Jul 23 15:58:09 kerb-server sshd[3215]: debug2: monitor_read: 4 used
once, disabling now
Jul 23 15:58:09 kerb-server sshd[3215]: debug2: monitor_read: 6 used
once, disabling now
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: PAM: initializing for "nils"
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: PAM: setting PAM_RHOST
to "kerb-client"
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: PAM: setting PAM_TTY to
"ssh"
Jul 23 15:58:09 kerb-server sshd[3215]: debug2: monitor_read: 51 used
once, disabling now
Jul 23 15:58:09 kerb-server sshd[3215]: debug2: monitor_read: 3 used
once, disabling now
Jul 23 15:58:09 kerb-server sshd[3215]: Failed none for nils from
::ffff:10.0.0.90 port 50968 ssh2
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: Miscellaneous failure No
principal in keytab matches desired name
Jul 23 15:58:15 kerb-server sshd[3215]: debug1: do_cleanup
Jul 23 15:58:15 kerb-server sshd[3215]: debug1: PAM: cleanup
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
"klist -k" on kerb-server:
   3 host/kerb-server.fra.loc at BFK.LOC
   3 host/kerb-server.fra.loc at BFK.LOC
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
"klist -k" on kerb-client:  
   3 host/kerb-client.fra.loc at BFK.LOC
   3 host/kerb-client.fra.loc at BFK.LOC
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
"klist" on kerb-client before connecting:
Ticket cache: FILE:/tmp/krb5cc_1001_N3rPSz
Default principal: nils at BFK.LOC

Valid starting     Expires            Service principal
07/23/07 15:57:28  07/24/07 01:57:28  krbtgt/BFK.LOC at BFK.LOC
        renew until 07/24/07 15:57:24
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
"klist" on kerb-client after trying to connect:
Ticket cache: FILE:/tmp/krb5cc_1001_N3rPSz
Default principal: nils at BFK.LOC

Valid starting     Expires            Service principal
07/23/07 15:57:28  07/24/07 01:57:28  krbtgt/BFK.LOC at BFK.LOC
        renew until 07/24/07 15:57:24
07/23/07 15:58:12  07/24/07 01:57:28  host/kerb-server.fra.loc at BFK.LOC
        renew until 07/24/07 15:57:24
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
"kadmin.local -q "listprincs"" on filebase.bfk.loc:

K/M at BFK.LOC
admin/admin at BFK.LOC
host/filebase.bfk.loc at BFK.LOC
host/kerb-client-new.fra.loc at BFK.LOC
host/kerb-client.fra.loc at BFK.LOC
host/kerb-server.fra.loc at BFK.LOC
host/nils.bfk.loc at BFK.LOC
kadmin/admin at BFK.LOC
kadmin/changepw at BFK.LOC
kadmin/filebase at BFK.LOC
kadmin/history at BFK.LOC
krbtgt/BFK.LOC at BFK.LOC
nils/admin at BFK.LOC
nils at BFK.LOC
root/admin at BFK.LOC
root at BFK.LOC
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

-- 
My public PGP-key: http://www.num.math.uni-goettingen.de/~nachterg/n.achtergarde_media-net.de_pub.asc

More information about the krbdev mailing list