Bug 162096
| Summary: | Configuring kerberos authentication. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 4 | Reporter: | Dave English <djenglish007> |
| Component: | openssh | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED WORKSFORME | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.0 | CC: | tao |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-07-01 17:00:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Dave English
2005-06-29 20:23:08 UTC
What exact client and server versions of openssh do you use? rpm -qa | grep ssh openssh-server-3.9p1-8.RHEL4.4 openssh-3.9p1-8.RHEL4.4 openssh-clients-3.9p1-8.RHEL4.4 You're really terse. Do you connect from RHEL4 machine to another RHEL4 machine? Do you have GSSAPIAuthentication yes in both ssh_config and sshd_config files? yes in both grep GSSAPIAuthentication ssh*config ssh_config: GSSAPIAuthentication yes sshd_config:GSSAPIAuthentication yes Do you connect from RHEL4 machine to another RHEL4 machine YES With both the same rev 2.6.9-11.ELsmp #1 SMP Fri May 20 18:25:30 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux Hmm I cannot reproduce it here, do you have correctly set-up your /etc/krb5.keytab with the server key? Also if you want as a paying customer proper response from Red Hat you should use the Issue Tracker for reporting problems with Red Hat Enterprise Linux. Yes when I do a strings the file it is fine, right hosts name, domain / realm There can be problems with the host name resolution (is you host multihomed?). Could you attach here your krb5.conf file, klist output of your ticket and getprinc output from kadmin for the host principal of the sshd server machine? cat /etc/krb5.conf
[libdefaults]
ticket_lifetime = 600
default_realm = XXX.COM
default_tgs_enctypes = des-cbc-crc des-cbc-md5 des3-hmac-sha1
default_tkt_enctypes = des-cbc-crc des-cbc-md5 des3-hmac-sha1
clockskew = 600
forwardable = true
[realms]
XXX.COM = {
kdc = :88
kdc = :88
kdc = :88
kdc = :88
kdc = :88
kdc = :88
kdc = :88
kdc = :88
kdc = :88
admin_server = xxx.xxx.xxx.xxx:749
default_domain = XXX.COM
}
[domain_realm]
.XXX.com = XXX.COM
XXX.com = XXX.COM
[kerbnet-config]
version = 1.0
symlink-name = /usr/kerberos/kerbnet
[logging]
default = SYSLOG:DEBUG:AUTH
[appdefaults]
telnet = {
forwardable = true
forward = true
encrypt = false
autologin = true
}
rlogin = {
forwardable = true
forward = true
encrypt = true
}
rsh = {
forwardable = true
forward = true
encrypt = true
}
rcp = {
encrypt = true
}
pam = {
forwardable = true
}
login = {
krb5_run_aklog = false
krb5_get_tickets = true
krb4_get_tickets = false
krb4_convert = false
}
Ticket cache: FILE:/tmp/krb5cc_0.1
Default principal: eng007
Valid starting Expires Service principal
07/01/05 11:50:58 07/01/05 21:50:58 krbtgt/XXX.COM
renew until 07/02/05 11:50:56
07/01/05 11:51:01 07/01/05 21:50:58 host/XXXX.XXXXX.XXXXX.com
renew until 07/02/05 11:50:56
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Hmm... there doesn't seem to be any obvious problems with the configuration, however there still can be a problem with the service key. As I cannot reproduce the problem here, I'm closing this bug for now as worksforme. But you should use the paid support issue tracker to report the problem so it can be investigated more. Please point them to this bug report. Thank you. |