SSH and Kerberos usage

Sandeep Umesh sanumesh at
Wed Oct 21 15:18:00 AEDT 2015


I am not sure if this has already been discussed over time, but I have a 
situation where I am not able to ssh with kerberos principal name.

Here is the scenario - 
currently I am using openSSH 6.0 version and I have set the following - 
in sshd_config file - 
        KerberosAuthentication yes
        GSSAPIAuthentication yes
        GSSAPICleanupCredentials yes
in ssh_config file - 
        GSSAPIAuthentication yes
        GSSAPIDelegateCredentials yes

After I obtain the kerberos TGT using - kinit user_name and try to login 
as ssh user_name at hostname, it works fine and I am able to login without a 
password prompt .
However, if I try to login as ssh user_name at realm_name@hostname then I am 
prompted for the password. 

I think the principal name to local name conversation is not happening 
properly which I am yet to verify. But is there any other solution 
available for this?


More information about the openssh-unix-dev mailing list