OpenSSH and KerbV
Stephen Smoogen
smoogen at lanl.gov
Sat May 17 00:45:25 EST 2003
WHen I have run into this problem in the past it has been a kerberos
server/client problem and not with the ssh. We had this happen on
machines that had older Cygnus versions of kerberos trying to get
tickets from a MIT Kerberos 1.2.x server. To clear it out we made sure
that the clients and servers were running the same code and then
confirmed that the /etc/krb5.keytab on the client was the correct one
from the server.
On Thu, 2003-05-15 at 23:58, Phil Dibowitz wrote:
> Phil Dibowitz wrote:
> > Hrm, really? I loose my tickets when I SSH from one host to the next.
> > Is this also only an ssh1 thing?
> >
>
> I hate to reply to my own post... but it occurs to me its probably
> required to have kerb authentication in order to have kerb ticket
> forwarding. Given that, kerb authentication IS working just fine if I
> use ssh1... (my kinit hadn't worked before and I didn't realize it).
>
> HOWEVER, ticket forwarding still fails:
>
> debug1: Kerberos v5 authentication accepted.
> debug1: Kerberos v5 TGT forwarding failed: KDC can't fulfill requested
> option
>
> Unfortunately my kerberos-fu is weak, so, I'm not sure if its a kerb
> thing or an ssh thing...
>
> Any help would be much appreciated.
>
> --
> Phil Dibowitz phil at ipom.com
> Freeware and Technical Pages Insanity Palace of Metallica
> http://www.phildev.net/ http://www.ipom.com/
>
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety."
> - Benjamin Franklin, 1759
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
--
Stephen John Smoogen smoogen at lanl.gov
Los Alamos National Labrador CCN-5 Sched 5/40 PH: 4-0645 (note new #)
Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --
More information about the openssh-unix-dev
mailing list