Default configuration should work properly. Otherwise you can add the below lines in your sshd configuration file
GssapiAuthentication yes GssapiKeyExchange yes GssapiUseSessionCredCache yes Also start the client session in the verbose mode and see what is happening by giving $ ssh -v hostname Also you can check on the KDC log whether it has issued a forwarded TGT. -----Original Message----- From: Someone [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 4:30 PM To: [EMAIL PROTECTED] Subject: Re: SSH with Kerberos 5 GSSAPI Srinivas Cheruku wrote: > did you get a forwardable tgt before running the ssh client? > Get the forwardable TGT, then only your identity can be delegated the > session opened by ssh client. > > > -----Original Message----- > From: Someone [mailto:[EMAIL PROTECTED]] > Sent: Friday, March 22, 2002 3:56 PM > To: [EMAIL PROTECTED] > Subject: SSH with Kerberos 5 GSSAPI > > > Hello, > > I just compiled SSH v3.0.2p1 with the GSSAPI patch included. It works > fine, well I get my password authenticated by the KDC but I have > remarked that I didn't get any tickets, is that normal ? Or maybe I have > to to myself a kinit after the login with ssh ? > > The problem is that when I do kinit to get my ticket i get the following > error: > > > kinit > Password for username@REALM: > kinit(v5): No credentials cache found when initializing cache > > What does that mean ? I am using Linux with MIT Kerberos 5 v 1.2.3. > > Thanks for the help > Regards > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > http://mailman.mit.edu/mailman/listinfo/kerberos > ********************************************************************* > Disclaimer: The information in this e-mail and any attachments is > confidential / privileged. It is intended solely for the addressee or > addressees. If you are not the addressee indicated in this message, you may > not copy or deliver this message to anyone. In such case, you should destroy > this message and kindly notify the sender by reply email. Please advise > immediately if you or your employer does not consent to Internet email for > messages of this kind. > ********************************************************************* > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > http://mailman.mit.edu/mailman/listinfo/kerberos > > Your right I didn't have a ticket before so what I did is a kinit -f and then just sshed on the same machine that I am already. I tryed klist after but still the same result, nothing. Do I need to activate some options in sshd_config maybe ? Regards ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos ********************************************************************* Disclaimer: The information in this e-mail and any attachments is confidential / privileged. It is intended solely for the addressee or addressees. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer does not consent to Internet email for messages of this kind. ********************************************************************* ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
