On Tue, 14 Jul 2009, John Marshall wrote: > Zero interest on -stable after 1 week. Trying -current. > > On Wed, 08 Jul 2009, 18:52 +1000, John Marshall wrote: >> I source upgraded a (test) server here (i386) from 7.2-RELEASE-p2 to >> 8.0-BETA1 this morning. I use GSSAPI as the primary authentication >> method for sshd on that server. After the upgrade GSSAPI authentication >> stopped working and I can't get enough information to figure out why. >> Perhaps the newer version of Heimdal behaves differently? Perhaps the >> newer version of sshd behaves differently? >> I'm a Kerberos weenie, so don't expect this to help, but I know what it's like when it doesn't work. Here's some things I've had luck with when trying to get the gssapi to work in the past: - try commenting out all the other mechanisms in /etc/gss/mech. (It seems to sometimes get confused and tries to use a different mech than Kerberos, or whatever you are using.) - try to make sure that your KDC, client and server machine are all using the same encryption type by default (and that the entry for the host principal in the server is encrypted with that same type). default_etypes in /etc/krb5.conf + whatever your KDC uses - make sure your machines have fully qualified DNS names and that the name for the server matches the one used for the host based principal in its keytab file. Doubt any of the above will help, but good luck with it, rickReceived on Tue Jul 14 2009 - 12:32:04 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:51 UTC