OpenSSH and KerbV

Stephen Smoogen smoogen at
Sat May 17 00:45:25 EST 2003

WHen I have run into this problem in the past it has been a kerberos
server/client problem and not with the ssh. We had this happen on
machines that had older Cygnus versions of kerberos trying to get
tickets from a MIT Kerberos 1.2.x server. To clear it out we made sure
that the clients and servers were running the same code and then
confirmed that the /etc/krb5.keytab on the client was the correct one
from the server.

On Thu, 2003-05-15 at 23:58, Phil Dibowitz wrote:
> Phil Dibowitz wrote:
> > Hrm, really? I loose my tickets when I SSH from one host to the next.
> > Is this also only an ssh1 thing?
> > 
> I hate to reply to my own post... but it occurs to me its probably 
> required to have kerb authentication in order to have kerb ticket 
> forwarding. Given that, kerb authentication IS working just fine if I 
> use ssh1... (my kinit hadn't worked before and I didn't realize it).
> HOWEVER, ticket forwarding still fails:
> debug1: Kerberos v5 authentication accepted.
> debug1: Kerberos v5 TGT forwarding failed: KDC can't fulfill requested 
> option
> Unfortunately my kerberos-fu is weak, so, I'm not sure if its a kerb 
> thing or an ssh thing...
> Any help would be much appreciated.
> -- 
> Phil Dibowitz                             phil at
> Freeware and Technical Pages              Insanity Palace of Metallica
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety."
>   - Benjamin Franklin, 1759
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at
Stephen John Smoogen		smoogen at
Los Alamos National Labrador  CCN-5 Sched 5/40  PH: 4-0645 (note new #)
Ta-03 SM-1498 MailStop B255 DP 10S  Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --

More information about the openssh-unix-dev mailing list