still have password authentication with ssh

Paul Moore paul.moore at centrify.com
Mon Jul 23 17:18:22 EDT 2007


Do klist on the client just after the failure (not -k); this will show
what tickets you actually got.

-----Original Message-----
From: krbdev-bounces at mit.edu [mailto:krbdev-bounces at mit.edu] On Behalf Of Nils Achtergarde
Sent: Monday, July 23, 2007 9:15 AM
To: Douglas E. Engert
Cc: krbdev at mit.edu
Subject: Re: still have password authentication with ssh

I'm sorry for the confusion, but the nils-PC was from an old
installation. So now from scratch:

I'm getting password authentication, although I've installed
kerberos.
So what am I missing?

The kdc and admin-server is called filebase.bfk.loc, the ssh-server is
called kerb-server.fra.loc and the ssh-client kerb-client.fra.loc.
The user is called nils. The realm is called BFK.LOC

------------------------------------------------------------------------
The debug on the ssh-server:

Jul 23 15:58:09 kerb-server sshd[3215]: Connection from ::ffff:10.0.0.90 port 50968
Jul 23 15:58:09 kerb-server sshd[3185]: debug1: Forked child 3215.
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1  Debian-krb5 3.8.1p1-10
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: match: OpenSSH_3.8.1p1 Debian-krb5 3.8.1p1-10 pat OpenSSH*
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: Enabling compatibility mode for protocol 2.0
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1  Debian-krb5 3.8.1p1-10
Jul 23 15:58:09 kerb-server sshd[3215]: debug2: Network child is on pid 3216
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: Miscellaneous failure No principal in keytab matches desired name
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: Miscellaneous failure No principal in keytab matches desired name
Jul 23 15:58:09 kerb-server sshd[3215]: debug2: monitor_read: 0 used once, disabling now
Jul 23 15:58:09 kerb-server sshd[3215]: debug2: monitor_read: 4 used once, disabling now
Jul 23 15:58:09 kerb-server sshd[3215]: debug2: monitor_read: 6 used once, disabling now
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: PAM: initializing for "nils"
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: PAM: setting PAM_RHOST to "kerb-client"
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: PAM: setting PAM_TTY to "ssh"
Jul 23 15:58:09 kerb-server sshd[3215]: debug2: monitor_read: 51 used once, disabling now
Jul 23 15:58:09 kerb-server sshd[3215]: debug2: monitor_read: 3 used once, disabling now
Jul 23 15:58:09 kerb-server sshd[3215]: Failed none for nils from ::ffff:10.0.0.90 port 50968 ssh2
Jul 23 15:58:09 kerb-server sshd[3215]: debug1: Miscellaneous failure No principal in keytab matches desired name
Jul 23 15:58:15 kerb-server sshd[3215]: debug1: do_cleanup
Jul 23 15:58:15 kerb-server sshd[3215]: debug1: PAM: cleanup
------------------------------------------------------------------------
"klist -k" on kerb-server:
   3 host/kerb-server.fra.loc at BFK.LOC
   3 host/kerb-server.fra.loc at BFK.LOC
------------------------------------------------------------------------
"klist -k" on kerb-client:  
   3 host/kerb-client.fra.loc at BFK.LOC
   3 host/kerb-client.fra.loc at BFK.LOC
------------------------------------------------------------------------
"klist" on kerb-client before connecting:
Ticket cache: FILE:/tmp/krb5cc_1001_N3rPSz
Default principal: nils at BFK.LOC

Valid starting     Expires            Service principal
07/23/07 15:57:28  07/24/07 01:57:28  krbtgt/BFK.LOC at BFK.LOC
        renew until 07/24/07 15:57:24
------------------------------------------------------------------------
"klist" on kerb-client after trying to connect:
Ticket cache: FILE:/tmp/krb5cc_1001_N3rPSz
Default principal: nils at BFK.LOC

Valid starting     Expires            Service principal
07/23/07 15:57:28  07/24/07 01:57:28  krbtgt/BFK.LOC at BFK.LOC
        renew until 07/24/07 15:57:24
07/23/07 15:58:12  07/24/07 01:57:28  host/kerb-server.fra.loc at BFK.LOC
        renew until 07/24/07 15:57:24
------------------------------------------------------------------------
"kadmin.local -q "listprincs"" on filebase.bfk.loc:

K/M at BFK.LOC
admin/admin at BFK.LOC
host/filebase.bfk.loc at BFK.LOC
host/kerb-client-new.fra.loc at BFK.LOC
host/kerb-client.fra.loc at BFK.LOC
host/kerb-server.fra.loc at BFK.LOC
host/nils.bfk.loc at BFK.LOC
kadmin/admin at BFK.LOC
kadmin/changepw at BFK.LOC
kadmin/filebase at BFK.LOC
kadmin/history at BFK.LOC
krbtgt/BFK.LOC at BFK.LOC
nils/admin at BFK.LOC
nils at BFK.LOC
root/admin at BFK.LOC
root at BFK.LOC
------------------------------------------------------------------------

--
My public PGP-key:
http://www.num.math.uni-goettingen.de/~nachterg/n.achtergarde_media-net.de_pub.asc

_______________________________________________
krbdev mailing list             krbdev at mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
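
The check suggested at the top of this message, written out as an added example (not part of either e-mail): it compares the host tickets in the client's klist output with the server's "klist -k" entries, and separately tests which of the names the server might use for itself have a keytab key. The sample text is copied from the outputs quoted above; the list of server names, in particular the short name "kerb-server", is a constructed input, since the thread does not show what name sshd resolves for its own host.

```python
# Added diagnostic example; helper names are hypothetical.
# The archive renders "@" as " at ", so the parser accepts both forms.

CLIENT_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1001_N3rPSz
Default principal: nils at BFK.LOC

Valid starting     Expires            Service principal
07/23/07 15:57:28  07/24/07 01:57:28  krbtgt/BFK.LOC at BFK.LOC
        renew until 07/24/07 15:57:24
07/23/07 15:58:12  07/24/07 01:57:28  host/kerb-server.fra.loc at BFK.LOC
        renew until 07/24/07 15:57:24
"""

SERVER_KEYTAB = """\
   3 host/kerb-server.fra.loc at BFK.LOC
   3 host/kerb-server.fra.loc at BFK.LOC
"""


def principals(text):
    """Collect service/instance@REALM principals that end a line."""
    found = set()
    for line in text.splitlines():
        tokens = line.replace(" at ", "@").split()
        if tokens and "/" in tokens[-1] and "@" in tokens[-1]:
            found.add(tokens[-1])
    return found


def check(client_klist, server_keytab, server_names, realm):
    """Report host tickets and candidate server names lacking a keytab key."""
    tickets = {p for p in principals(client_klist) if p.startswith("host/")}
    keytab = principals(server_keytab)
    return {
        # Tickets the client obtained that the server cannot decrypt.
        "ticket_without_key": sorted(tickets - keytab),
        # Names for which the server would find no host/<name>@REALM entry.
        "names_without_key": sorted(
            n for n in server_names if f"host/{n}@{realm}" not in keytab
        ),
    }


if __name__ == "__main__":
    # Constructed assumption: the server may see itself under either name.
    names = ["kerb-server", "kerb-server.fra.loc"]
    print(check(CLIENT_KLIST, SERVER_KEYTAB, names, "BFK.LOC"))
```

On the server, the values for server_names would come from commands such as `hostname` and `hostname -f`.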