Hi guys,

I am still having trouble with some authentication issues using the AD Kerberos server. I can ssh to my Debian/Etch machine using Active Directory credentials, but I cannot log in with a Kerberos ticket. kinit works and klist shows the following:

nfsv4etch:~# kinit rohitm
Password for [EMAIL PROTECTED]:
nfsv4etch:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
10/06/06 17:48:12  10/07/06 03:49:59  krbtgt/[EMAIL PROTECTED]
        renew until 10/07/06 17:48:12

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

Kerberized telnet does not seem to work.

nfsv4etch:~# telnet -k AD.ENGR.UCONN.EDU -l rohitm nfsv4etch
Trying 127.0.1.1...
Connected to nfsv4etch (127.0.1.1).
Escape character is '^]'.
telnetd: Authorization failed.
Connection closed by foreign host.

Also if I type ssh [EMAIL PROTECTED], it prompts me for my password. I was hoping it would just let me in with my ticket.

I have set the following options in /etc/ssh/sshd_config:

KerberosAuthentication yes
#KerberosGetAFSToken yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes

and /home/rohitm/.k5login contains the user "[EMAIL PROTECTED]"

The following packages are installed:

ii  krb5-clients        1.4.4-1         Secure replacements for ftp, telnet and rsh
ii  krb5-config         1.10            Configuration files for Kerberos Version 5
ii  krb5-rsh-server     1.4.4-1         Secure replacements for rshd and rlogind usi
ii  krb5-telnetd        1.4.4-1         Secure telnet server supporting MIT Kerberos
ii  krb5-user           1.4.4-1         Basic programs to authenticate using MIT Ker
ii  libkrb5-17-heimdal  0.7.2.dfsg.1-4  Libraries for Heimdal Kerberos
ii  libkrb53            1.4.4-1         MIT Kerberos runtime libraries
ii  libpam-krb5         2.0-1           PAM module for MIT Kerberos

I also created a user named "nfsv4etch" in the Active Directory and did the following to generate an /etc/krb5.keytab file.

Z:\krb>ktpass -princ host/[EMAIL PROTECTED] -mapuser nfsv4etch -crypto DES-CBC-MD5 -pass password -ptype KRB5_NT_PRINCIPAL -out unixmachine.keytab2
Targeting domain controller: fozzie.ad.engr.uconn.edu
Using legacy password setting method
Successfully mapped host/nfsv4etch.engr.uconn.edu to nfsv4etch.
Key created.
Output keytab to unixmachine.keytab2:
Keytab version: 0x502
keysize 74 host/[EMAIL PROTECTED] ptype 1 (KRB5_NT_PRINCIPAL) vno 4 etype 0x3 (DES-CBC-MD5) keylength 8 (0xceae025dfe455d49)

Can anyone think of what I am missing? I was hoping this would be easy!

Thanks in advance for any help.

Rohit

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos