Problem with Tiger Kerberos Client and Linux Kerberos Server
Hi
I have spent much of the day trying to get ssh on my Tiger machine authenticating with a Linux server using Kerberos. Our Linux client machines work fine. I have tested two Macs with different Mac OS X revisions and get the same problem. Kerberos fails and I get asked for a password.
debug2: key: /Users/gluck/.ssh/identity (0x0)
debug2: key: /Users/gluck/.ssh/id_rsa (0x0)
debug2: key: /Users/gluck/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Delegating credentials
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/gluck/.ssh/identity
debug3: no such identity: /Users/gluck/.ssh/identity
debug1: Trying private key: /Users/gluck/.ssh/id_rsa
debug3: no such identity: /Users/gluck/.ssh/id_rsa
debug1: Trying private key: /Users/gluck/.ssh/id_dsa
debug3: no such identity: /Users/gluck/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
gluck@vmware.wotif.com's password:
The client config is in /Library/Preferences/edu.mit.Kerberos as follows:
debug1: userauth-request for user gluck service ssh-connection method gssapi-with-mic
debug1: attempt 1 failures 1
Postponed gssapi-with-mic for gluck from 192.168.0.101 port 52505 ssh2
debug1: Unspecified GSS failure. Minor code may provide more information
Wrong principal in request
debug1: Got no client credentials
One thing I am suspicious of: my Mac lists its hostname as ending in .local, but when I type domainname it comes back blank. I wonder if this is screwing with Kerberos. I have added .local to the domain_realm.
I tried setting the hostname using the sudo hostname command. It sets but still does not work.
I did not make this clear, but the attempt to ssh is done after a kinit. I have tried kinit from the command line and also using the GUI. Both work as verified by the klist on command line and GUI.
So the problem is not that we don't have a ticket.
I managed to get a machine at work going. It was on a network where host and domain name were being set by DHCP.
In my home environment that is not the case. Both are blank. My DHCP server does not set them.
Unfortunately setting a hostname and domainname on Mac is not simple.
I found out how to set the hostname in /etc/hostconfig using HOSTNAME=
Tried that and it did not work.
On the work network I also tried my machine. It did not work. I tested my account name using the other guy's Mac, which did work. Incidentally I provided the /Library/Preferences/edu.mit.Kerberos config.
So:
- the config is ok
- the Kerberos config is ok
At home there is something dodgy going on. We got Apache working from Firefox on Linux. We managed to get it working on Mac up to the same point where it fails in ssh.
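An added example, not part of the original posts and not the Kerberos library's own code: a simplified Python model of how a `domain_realm` table maps a host name to a realm, and how the resulting `host/` service principal compares with the server's keytab, which is the kind of mismatch a server reports as "Wrong principal in request". DNS canonicalization of the server name is not modelled, the fallback realm is supplied by the caller as an assumption, and every host name, realm and keytab entry below is a constructed sample.

```python
# Simplified model of a Kerberos domain_realm lookup and service principal check.
# All names, realms and keytab entries are constructed sample values.

def realm_candidates(host):
    """Yield the domain_realm keys tried for host, most specific first."""
    cp = host.lower().rstrip(".")
    while cp:
        yield cp
        if cp.startswith("."):
            cp = cp[1:]                          # ".b.example" -> "b.example"
        else:
            dot = cp.find(".")
            cp = cp[dot:] if dot != -1 else ""   # "a.b.example" -> ".b.example"


def host_realm(host, domain_realm, fallback_realm):
    """Return (realm, matched_key); matched_key is None when nothing matched.

    The real library's behaviour when no entry matches is not modelled;
    fallback_realm is an assumption supplied by the caller.
    """
    for key in realm_candidates(host):
        if key in domain_realm:
            return domain_realm[key], key
    return fallback_realm, None


def service_principal(server_host, domain_realm, fallback_realm, service="host"):
    """Build the service principal a client would request for server_host."""
    realm, _ = host_realm(server_host, domain_realm, fallback_realm)
    return f"{service}/{server_host.lower().rstrip('.')}@{realm}"


def check_against_keytab(requested, keytab_principals):
    """True only when the keytab holds an entry for exactly this principal."""
    return requested in set(keytab_principals)


# Constructed sample data: a mapping that includes a ".local" entry.
DOMAIN_REALM = {".example.test": "EXAMPLE.TEST", ".local": "EXAMPLE.TEST"}
KEYTAB = ["host/server.example.test@EXAMPLE.TEST"]

if __name__ == "__main__":
    for name in ("server.example.test", "server.local", "server"):
        princ = service_principal(name, DOMAIN_REALM, "FALLBACK.TEST")
        ok = check_against_keytab(princ, KEYTAB)
        print(f"{name:22} -> {princ:42} in keytab: {ok}")
```

Mapping a suffix such as `.local` to the right realm only selects the realm; the host part of the principal still has to match the name stored in the server's keytab.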