What do you have to do to get sshd to do Kerberos on Mac OSX? I created an /etc/krb5.keytab and tried adding GSSAPIAuthentication yes to /etc/sshd_config but from looking at captures it doesn't even try anything remotely Kerberos related. I always get prompted for a password. I can ssh to a linux machine in the same enviroment and it works perfectly. Using otool -L I can see sshd is linked with the Kerberos Framework.
The log messages are: Jun 14 17:47:15 mini xinetd[1290]: service ssh, IPV6_ADDRFORM setsockopt() failed: Protocol not available (errno = 42) Jun 14 17:47:15 mini xinetd[1290]: START: ssh pid=1325 from=192.168.2.16 Jun 14 17:47:15 mini sshd[1325]: Generating 768 bit RSA key. Jun 14 17:47:15 mini sshd[1325]: RSA key generation complete. Jun 14 17:47:15 mini sshd[1325]: Connection from 192.168.2.16 port 34541 Jun 14 17:47:15 mini sshd[1325]: reverse mapping checking getaddrinfo for quark.foo.net failed - POSSIBLE BREAKIN ATTEMPT! Jun 14 17:47:15 mini sshd[1325]: Failed none for miallen from 192.168.2.16 port 34541 ssh2 That "reverse mapping" error is bogus. I have a perfectly good reverse zone. From looking at captures it appear to do an IPv6 lookup and then gives up. If it had tried a standard lookup it would have found the name. Any ideas? Mike -- Michael B Allen PHP Extension for SSO w/ Windows Group Authorization http://www.ioplex.com/ ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
