Hi mate, [r...@herdingcat ericlee]# ktutil ktutil: rkt /etc/krb5.keytab ktutil: l -e slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 2 host/ns.herdingcat.inter...@herdingcat.internal (AES-256 CTS mode with 96-bit SHA-1 HMAC) 2 2 host/ns.herdingcat.inter...@herdingcat.internal (AES-128 CTS mode with 96-bit SHA-1 HMAC) 3 2 host/ns.herdingcat.inter...@herdingcat.internal (Triple DES cbc mode with HMAC/sha1) 4 2 host/ns.herdingcat.inter...@herdingcat.internal (ArcFour with HMAC/md5) 5 2 host/ns.herdingcat.inter...@herdingcat.internal (DES with HMAC/sha1) 6 2 host/ns.herdingcat.inter...@herdingcat.internal (DES cbc mode with RSA-MD5) ktutil: [r...@herdingcat ericlee]#
Yes, it was copy-pasted. So is there anything wrong? Eric On Tue, Jan 4, 2011 at 7:16 PM, Brian Candler <b.cand...@pobox.com> wrote: > On Tue, Jan 04, 2011 at 06:57:20PM +0800, Lee Eric wrote: >> debug1: Unspecified GSS failure. Minor code may provide more information >> Key table entry not found > > Aha, that's your problem. What does the following show? > > # ktutil > rkt /etc/krb5.keytab > l -e > ^D > > And what does 'klist' on the client show, after you've attempted to ssh? > >> So I notice that it was due to SSH server side cannot find keytab but >> it exists in /etc/krb5.keytab: >> -r--------. 1 root root 526 Jan 3 00:58 /etc/krb5.keytab > > It can find the keytab, but it can't find the right entry in the keytab. > > BTW, was that copy-pasted? I've never seen a '.' after the mode bits before. > > Regards, > > Brian. > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
