Re: ssh + kerberosV

[Julien TOUCHE <julien.touche@lycos.com>]

Matthijs Mohlmann wrote:

> touche@localhost is the fault
> 
> you have to do it so:
> $ ssh touche@hostname <- and hostname must not be localhost
> 
test with `hostname` and `hostname -s`, and failed ...

in kdc.log:
2003-11-29T13:11:09 TGS-REQ touche@VPN.WWW from IPv4:192.168.2.5 for 
host/etenemanki.touche.www@VPN.WWW
2003-11-29T13:11:09 sending 591 bytes to IPv4:192.168.2.5
2003-11-29T13:11:09 AS-REQ touche@VPN.WWW from IPv4:192.168.2.5 for 
krbtgt/VPN.WWW@VPN.WWW
2003-11-29T13:11:09 Using des3-cbc-sha1/des3-cbc-sha1
2003-11-29T13:11:09 Requested flags: forwardable
2003-11-29T13:11:09 sending 560 bytes to IPv4:192.168.2.5
2003-11-29T13:11:09 TGS-REQ touche@VPN.WWW from IPv4:192.168.2.5 for 
host/etenemanki.touche.www@VPN.WWW
2003-11-29T13:11:09 sending 591 bytes to IPv4:192.168.2.5

seems also keytab pb appears form time to time (authlog)
Nov 29 13:11:09 etenemanki krb5: verify: Key table entry not found

one problem which may arise, is, i have two internal private domain 
(some kind of migration).

i enter the host with the two suffix for host/ & ssh/, not sure if it is 
sufficient.


> For localhost is no entry in the kerberos server :)
ok

Regards

		Julien

note: i'm on the list