I compiled by myself openssh 3.9p1, enabling pthreads and with --with-kerberos5. Now, I enabled kerberosauthentication and gssapi* in the daemon configuration files and I can get afs tokens and a k5 tgt after loggin in.
The problem is that I can't get a passwordless login process. If I set -o PreferredAuthentications=gssapi-wiht-mic I can't login. There follows some debugging informations. ===== CLIENT [EMAIL PROTECTED] ~$ ssh -v -o PreferredAuthentications=gssapi-with-mic plm OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to plm [193.204.161.79] port 22. debug1: Connection established. debug1: identity file /afs/dia.uniroma3.it/usr/m/milicchio/.ssh/identity type -1debug1: identity file /afs/dia.uniroma3.it/usr/m/milicchio/.ssh/id_rsa type -1 debug1: identity file /afs/dia.uniroma3.it/usr/m/milicchio/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1 debug1: match: OpenSSH_3.9p1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.9p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'plm' is known and matches the RSA host key. debug1: Found key in /afs/dia.uniroma3.it/usr/m/milicchio/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received PLM Grid Lab ============ debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive debug1: No more authentication methods to try. Permission denied (publickey,gssapi-with-mic,password,keyboard-interactive). [EMAIL PROTECTED] ~$ === SERVER plm:~# /usr/sbin/sshd -dddd debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 284 debug2: parse_server_config: config /etc/ssh/sshd_config len 284 debug1: sshd version OpenSSH_3.9p1 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-dddd' socket: Address family not supported by protocol debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. Generating 768 bit RSA key. RSA key generation complete. debug3: fd 4 is not O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 7 config len 284 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 -- Sensei <mailto:[EMAIL PROTECTED]> The optimist says "Tomorrow is sunday". The pessimist says "The day after tomorrow is monday". (Gustave Flaubert) ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
