Need help with GSSAPI authentication
Douglas E. Engert
deengert at anl.gov
Wed May 11 23:19:30 EST 2005
P.S. Since you have Leash, tell the SecureCRT to use the
MIT Kerberos rather then SSPI. I dont believe the MIT
code looks at the ok_to_delegate flag.
Simon Gales wrote:
> Client: Windows XP pro, in an AD 2003 domain, running SecureCRT 4.1.11.
> I've also got MIT Kerberos for Windows installed on the client, and Leash
> shows that my tickets ARE forwardable.
>
> Server: Solaris 8 Sparc server, with MIT Kerberos (krb5-1.4.1), and
> OpenSSH 4.0p1.
>
> I've created two AD accounts, and extracted keys mapped to
> "host/hostname.domainname.com at REALM.COM" and
> "ssh/hostname.domainname.com at REALM.COM" and installed them into
> /etc/krb5.keytab.
>
> I can login to the server just fine - GSSAPI-with-mic authentication works
> fine. But when I "klist" after logging in, I have no tickets.
>
> So... is this supposed to work? Should my tickets get forwarded? If not,
> is there a patch that would make this work?
>
> Any help would be appreciated... I can provide server-side debug traces
> if it'll help, but I really just need to know if tgt-forwarding is
> supposed to work in OpenSSH 4.0...
>
> -Simon
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the openssh-unix-dev
mailing list