Hi,
Here's the server side sshd_config in my system, the OS is Fedora 14.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for prot
Sorry, it was caused by the client is lacking of keytab file.
Eric
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
On Sat, Jun 11, 2011 at 02:18:57PM +0800, Lee Eric wrote:
> # Kerberos options
> KerberosAuthentication yes
Aside: note that you almost certainly don't want this.
"KerberosAuthentication" means "cleartext password authentication, checking
the password against the KDC"
To authenticate people using
Thanks mate. And btw, I use pam_afs_session in OpenSSH pam
configuration, so do I have to comment out UsePAM?
Eric
On Sun, Jun 12, 2011 at 1:09 AM, Brian Candler wrote:
> On Sat, Jun 11, 2011 at 02:18:57PM +0800, Lee Eric wrote:
>> # Kerberos options
>> KerberosAuthentication yes
>
> Aside: note
On Sun, Jun 12, 2011 at 10:55:04AM +0800, Lee Eric wrote:
> Thanks mate. And btw, I use pam_afs_session in OpenSSH pam
> configuration, so do I have to comment out UsePAM?
Ah right, session handling would be a good reason to UsePAM :-)
Regards,
Brian.
Thanks very much, mate.
Eric
On Sun, Jun 12, 2011 at 3:17 PM, Brian Candler wrote:
> On Sun, Jun 12, 2011 at 10:55:04AM +0800, Lee Eric wrote:
>> Thanks mate. And btw, I use pam_afs_session in OpenSSH pam
>> configuration, so do I have to comment out UsePAM?
>
> Ah right, session handling would
The server is offering Kerberos client authentication, the client is
trying it, and it's failing. Take a look at the syslog messages from
sshd and see if there's anything helpful there. If not, run a debugging
instance of the server:
$ sudo /usr/sbin/sshd -dep222
... connect to it (ssh -vp222)
