GSSAPI auth on AIX 4.1P1
From: Ian Clark (Ian.Clark_at_integsoft.co.uk)
Date: 11/19/05
Date: Sat, 19 Nov 2005 10:10:40 -0000
To: <secureshell@securityfocus.com>
Hi,
I've spent the last few days playing with GSSAPI auth on an AIX 5.3
server (4.1P1) with no success. I've already got this running perfectly
on a Linux testbed system using our AD as KDC, using Windows 2000
with PuTTY (0.56b2 GSSAPI) as a client terminal. The AIX system is
correctly allowing users to authorise against KRB5A, but the GSSAPI
single sign-on from a client never seems to work.
The debug log from SSHD fails during gssapi-with-mic as follows:
debug1: userauth-request for user ianclark service ssh-connection method gssapi-with-mic
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method gssapi-with-mic
debug3: mm_request_send entering: type 37
debug3: mm_request_receive_expect entering: type 38
debug3: monitor_read: checking request 37
debug3: mm_request_receive entering
debug1: Miscellaneous failure
No principal in keytab matches desired name
debug3: mm_request_send entering: type 38
debug3: mm_request_receive entering
We have created a host principal and installed it in the krb5 keytab as
per normal. SSHD doesn't need a service principal? But what principal
is SSHD looking for, and what name? Gssapi-with-mic is clearly being
attempted. With this error, PuTTY returns an "unable to initialise gssapi
context", yet connects to the Linux system immediately.
I'm a little confused, because our Linux test worked within minutes of
configuration.
Ian