Do you have a question? Post it now! No Registration Necessary. Now with pictures!
November 14, 2005, 4:11 pm
rate this thread
I built and installed an MIT KDC, OpenSSH 4.2p1 (built with S.
Wilkinson's GSSAPI/Kerberos patch), and changed relevant settings in
sshd_config, however OpenSSH is still prompting me for a password (I
want single sign-on). Running on Debian Linux. Here's the flow:
user% kinit <user> [get a TGT]
user% klist [dumps my TGT, looks fine]
[SSH asks for password and I Ctrl+C out]
In the debug dump, I can see the SSH client sending a GSSAPI stream
which the sshd appears to be ignoring. It does, however, obtain a TGS
in the process, which is a good sign, but there's still no single
sign-on. I tried short hostname and FQHN, same result. The keytab
contains principals for both flavors.
I have a suspicion that it might have something to do with cipher
mismatch? I don't tell KDC what enctypes to generate, so it does 3DES
by default. I thought OpenSSH also supports 3DES, and specifically
uncommented the "Cipher 3des" line in ssh_config, but still no luck.
Any ideas? TIA!
- » SSH 3.2.0: Too many open connections --- how to check what's open?
- — Next thread in » Secure Shell Forum
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum