On Oct 24, 2006, at 12:29 PM, Bob Beck wrote:
Did you give the wee beastie a host key on your kerberos server?
both ssh and /bin/login will attempt to verify a host key against
the server so that your kerberos server isn't getting spoofed.
I think this is the place where I'm running into problems. Checking
my authlog, I find:
krb5-or-pwd: verify: Server not found in Kerberos database
The next problem is that I don't control the server (I'm trying to
authenticate my departmental server against the university-wide
kerberos server). I'll dig into google on that one, but on a
conceptual note, don't I just need to have their key stored on my
client and not vice versa? This should be a one-way trust (me
trusting them, not vice-versa), right? Or are there security
implications that I'm not understanding with Kerberos?
