Bug 162096
Summary: | Configuring kerberos authentication. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Dave English <djenglish007> |
Component: | openssh | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED WORKSFORME | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4.0 | CC: | tao |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-07-01 17:00:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Dave English
2005-06-29 20:23:08 UTC
What exact client and server versions of openssh do you use? rpm -qa | grep ssh openssh-server-3.9p1-8.RHEL4.4 openssh-3.9p1-8.RHEL4.4 openssh-clients-3.9p1-8.RHEL4.4 You're really terse. Do you connect from RHEL4 machine to another RHEL4 machine? Do you have GSSAPIAuthentication yes in both ssh_config and sshd_config files? yes in both grep GSSAPIAuthentication ssh*config ssh_config: GSSAPIAuthentication yes sshd_config:GSSAPIAuthentication yes Do you connect from RHEL4 machine to another RHEL4 machine YES With both the same rev 2.6.9-11.ELsmp #1 SMP Fri May 20 18:25:30 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux Hmm I cannot reproduce it here, do you have correctly set-up your /etc/krb5.keytab with the server key? Also if you want as a paying customer proper response from Red Hat you should use the Issue Tracker for reporting problems with Red Hat Enterprise Linux. Yes when I do a strings the file it is fine, right hosts name, domain / realm There can be problems with the host name resolution (is you host multihomed?). Could you attach here your krb5.conf file, klist output of your ticket and getprinc output from kadmin for the host principal of the sshd server machine? cat /etc/krb5.conf [libdefaults] ticket_lifetime = 600 default_realm = XXX.COM default_tgs_enctypes = des-cbc-crc des-cbc-md5 des3-hmac-sha1 default_tkt_enctypes = des-cbc-crc des-cbc-md5 des3-hmac-sha1 clockskew = 600 forwardable = true [realms] XXX.COM = { kdc = :88 kdc = :88 kdc = :88 kdc = :88 kdc = :88 kdc = :88 kdc = :88 kdc = :88 kdc = :88 admin_server = xxx.xxx.xxx.xxx:749 default_domain = XXX.COM } [domain_realm] .XXX.com = XXX.COM XXX.com = XXX.COM [kerbnet-config] version = 1.0 symlink-name = /usr/kerberos/kerbnet [logging] default = SYSLOG:DEBUG:AUTH [appdefaults] telnet = { forwardable = true forward = true encrypt = false autologin = true } rlogin = { forwardable = true forward = true encrypt = true } rsh = { forwardable = true forward = true encrypt = true } rcp = { encrypt = true } pam = { forwardable = true } login = { krb5_run_aklog = false krb5_get_tickets = true krb4_get_tickets = false krb4_convert = false } Ticket cache: FILE:/tmp/krb5cc_0.1 Default principal: eng007 Valid starting Expires Service principal 07/01/05 11:50:58 07/01/05 21:50:58 krbtgt/XXX.COM renew until 07/02/05 11:50:56 07/01/05 11:51:01 07/01/05 21:50:58 host/XXXX.XXXXX.XXXXX.com renew until 07/02/05 11:50:56 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Hmm... there doesn't seem to be any obvious problems with the configuration, however there still can be a problem with the service key. As I cannot reproduce the problem here, I'm closing this bug for now as worksforme. But you should use the paid support issue tracker to report the problem so it can be investigated more. Please point them to this bug report. Thank you. |