* RJ45 <[EMAIL PROTECTED]> [2007-02-27 02:40]:
> actually I just need ssh kerberos authentication
> but the problem is that using ssh kerberos authentication I got an error
> upon authentication
> Feb 26 21:42:54 bastionbox1 krb5: verify: Server not found in Kerberos
> database
> Feb 26 21:42:54 bastionbox1 sshd[15347]: Failed password for riccardo from
> ::1 port 43768 ssh2
You don't have a host principal for your machine added to
your Kerberos server.
>
> I configured sshd_config properly and I also changed settings in login.conf
> so that users are authenticated with krb5
>
> but I have this error and I am unable to authenticate using sshd as I
> wanted to do.
>
> but if I just enter the system with local password and then after I
> authenticate I successfully can authenticate and have my ticket
>
> so I get stuck by the error I reported above and I am unable to
> authenticate ssh kerberos
>
> any hints?
Run, don't walk, to your nearest bookstore and buy a Kerberos
book, and see ktutil(8).
For login type services in kerberos you should add a host
principal on your kerberos server, and save the key on your machine
in your krb5.keytab. SSH enforces this. This is to ensure you
aren't talking to a fake kdc, otherwise, someone could pretend to
be your kdc and you'd be hooped.
Note you need to have admin access to do a ktutil add. If
you don't, you have to ask your local Kerberos admin to do it
for you.
-Bob
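
An added example, not part of the original message: a small triage script that ties the `krb5: verify: Server not found in Kerberos database` log line to the host-principal check described above. The log excerpt and keytab listing are constructed samples, the `Vno Type Principal` column layout is an assumed listing format, and `bastionbox1.example.org` / `EXAMPLE.ORG` are placeholder names.

```shell
#!/bin/sh
# Added example: sample data is constructed; FQDN and realm are placeholders.

# Constructed syslog excerpt modelled on the two lines quoted in the thread.
SAMPLE_LOG='Feb 26 21:42:54 bastionbox1 krb5: verify: Server not found in Kerberos database
Feb 26 21:42:54 bastionbox1 sshd[15347]: Failed password for riccardo from ::1 port 43768 ssh2
Feb 26 21:50:10 bastionbox1 sshd[15360]: Accepted password for riccardo from ::1 port 43770 ssh2'

# Constructed keytab listing (assumed "Vno Type Principal" layout): no host/ entry.
SAMPLE_KEYTAB='Vno  Type                     Principal
  1  aes256-cts-hmac-sha1-96  nfs/bastionbox1.example.org@EXAMPLE.ORG'

# Print each syslog hostname (field 4) whose krb5 verify step failed because
# the KDC has no entry for the service principal it was asked about.
hosts_missing_principal() {
    printf '%s\n' "$1" |
        awk '/krb5: verify: Server not found in Kerberos database/ { print $4 }' |
        sort -u
}

# Return 0 if the keytab listing in $1 holds a key for host/<fqdn $2>@<realm $3>.
keytab_has_host_key() {
    printf '%s\n' "$1" |
        awk -v want="host/$2@$3" \
            'NR > 1 && $NF == want { found = 1 } END { exit !found }'
}

# $1 log text, $2 keytab listing, $3 FQDN, $4 realm. Prints one status word.
diagnose() {
    short=${3%%.*}
    if hosts_missing_principal "$1" | grep -qxF "$short"; then
        if keytab_has_host_key "$2" "$3" "$4"; then
            # Local key exists, yet the KDC lookup failed: name mismatch.
            echo "keytab-present-kdc-missing"
        else
            # Neither the KDC nor the keytab knows host/<fqdn>@<realm>.
            echo "host-principal-missing"
        fi
    else
        echo "ok"
    fi
}

diagnose "$SAMPLE_LOG" "$SAMPLE_KEYTAB" bastionbox1.example.org EXAMPLE.ORG
```

On a real machine the two inputs would be the auth log and the keytab listing for the local krb5.keytab.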