Hi Rocky Now check the server side logs. Seams there is an issue eighter with the user on the server, or the Kerberos setup on this side.
User needs to be resolveable via „getent passwd“ and server side keytab needs to be aware of the Right services and sshd needs to know the keytab. HTH ---- Patrick > On Jan 25, 2020, at 9:24 AM, Rocky Hotas <rockyho...@post.com> wrote: > > Sent: Saturday, January 25, 2020 at 5:51 PM > From: "Patrick Marc Preuß" <patrick.pre...@gmail.com> > To: "Rocky Hotas" <rockyho...@post.com> > Subject: Re: Unable to SSH with Kerberos user > >> Hi rocky > > Hi :)! > >> Have a look into the ssh somewhere around line 115: > >> debug1: Next authentication method: gssapi-with-mic >> debug1: Unspecified GSS failure. Minor code may provide more information >> Server host/xubtest.xexample.i...@xexample.intk not found in Kerberos >> database > >> gssapi is selected but not ticket grated due to missing service principal >> for the server. > > Thanks for your patience in looking the logs. > Maybe you meant "granted". Ok! I executed in server `kadmin.local' and: > > kadmin.local: addprinc -randkey host/xubtest.xexample.intk > WARNING: no policy specified for host/xubtest.xexample.i...@xexample.intk; > defaulting to no policy > Principal "host/xubtest.xexample.i...@xexample.intk" created. > kadmin.local: addprinc -randkey host/xubcl1.xexample.intk > WARNING: no policy specified for host/xubcl1.xexample.i...@xexample.intk; > defaulting to no policy > Principal "host/xubcl1.xexample.i...@xexample.intk" created. > > Hope this is correct. Then, I tried again with ssh, and this is the > result: https://pastebin.com/vDX0Gt67 > > The error you mentioned is disappeared, but the behaviour is apparently > the same (password required and permission denied even with the correct > password). > >> HTH > > Yes, of course! Those principals must be created. > > Thanks, > > Rocky > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
