Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Sam Evans
February 10, 2005, 5:52 pm
rate this thread
I seem to have run into a road block getting my Linux machines to
authenticate against AD when coming in through OpenSSH.
First, let me start off my listing what my environmnet is:
* RHEL Linux
* MIT Kerboros v1.4
* OpenSSH v3.9p1 - Compiled using the following line:
./configure --with-tcp-wrappers --with-pam
--with-kerberos5=/usr/kerberos --with-md5-passwords --prefix=/usr
* Windows 2003
If I use my local account and password, I can get into the machine OK.
I know that OpenSSH is functioning properly. At this point, if I do a
'kinit' I can successfully authenticate myself against AD and obtain my
If I change my account information to require that authentication take
place using Kerberos, then I get the following error from the ssh daemon:
debug1: Kerberos password authentication failed: ASN.1 encoding ended
-- What I have been able to determine at this point is that if I remove
my userid from the multitude of groups that it belongs to in AD, then I
*can* successfully authenticate myself when I come in through OpenSSH,
-- If I place myself back into the same groups, I cannot authenticate
myself and get the above error.
In doing some reading, it appears as if I need to force TCP usage in the
MIT Kerberos, which I have done. Everything still works when I do
'kinit' but nothing has changed in regards to OpenSSH authentication
Anyone have any thoughts or suggestions?
- » protocol question - issue with exit-status inside unfinished data stream?
- — Newest thread in » Secure Shell Forum