still have password authentication with ssh (Nils Achtergarde)
Henry B. Hotz
hotz at jpl.nasa.gov
Fri Jul 27 15:43:03 EDT 2007
On Jul 27, 2007, at 9:07 AM, krbdev-request at mit.edu wrote:
> Date: Thu, 26 Jul 2007 23:37:05 +0200
> From: Nils Achtergarde <n.achtergarde at media-net.de>
> Subject: Re: still have password authentication with ssh
> To: krbdev at mit.edu
> Message-ID: <46A91401.6030005 at media-net.de>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Problem was, that when running "hostname" in shell, I only got the
> name,
> but it had to be the fully qualified name.
Some versions of hostname will take a -fqdn option. Don't use that
option as root on a machine that doesn't support it though. (I once
did.)
> In addition the KVNO didn't match. To get the KVNO, run getprinc
> host/<hostname> in kadmin.local on the kdc and run klist -ke on the
> client.
It'd be easier to run "kvno host/<hostname>". ;-) (I think that's
kgetcred on Heimdal.)
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev
mailing list