engerd
asked on
How do I configure GSSAPI->Kerberos V to work with openssh-3.9p1-8 on RHEL4U4?
Configuration:
RHEL4U4 - fresh installation
openssh-3.9p1-8 RPMs for openssh
Fully operational KDC
Correctly configured host and user principals for hostA and hostB
Problem: kerberos login not attempted via GSSAPI and sshd on hostB when logging in as usera from hostA with current TGT and correct CC.
Should this just work, or am I banging my head on a wall again?
We have no AFS, which most of the info on Google seems to refer to.
Many thanks.
I am sure you've checked that, but just to make sure: did you enable root login in your sshd_config of ServerA?
ASKER
Yes.
We've been using ssh a lot longer than Kerberos ;-) I've just got root to work - missing the root@REALM principal - doh! We don't put root into LDAP via inetorgperson or otherwise!
Thanks again for your help. I'll throw the points to you in any case.
BTW, what is your kinit name? Is it also root@realm? Or are you using a realm other than root that has no access to root credentials?
If so, please include it to root realm.
Oops, you've already put it in there :) Sorry, I did not see your comment. Thanks anyway :)
ASKER
This is all configured correctly. I noticed a short time ago, that a specific user *can* ssh without a password with a suitable TGT in their CC. This does not work for root.
So ... I believe the problem is in the LDAP UID lookup rather than kerberos. root account doesn't work either, which is also mystifying.
Thanks for your help in any case.