Start sshd on a private port with -dddde
Start ssh client with -vvv

You can ususally see the casue then

Do you have a .krb5login file? This is needed if the stripped upn !=
unix name

-----Original Message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On
Behalf Of Abhishek Chowdhury
Sent: Wednesday, July 30, 2008 7:05 AM
To: kerberos@mit.edu
Subject: Re: SSH configuration




> I am getting the initial krtgt ticket and the service ticket also when


> I am trying to do ssh. But still the ssh is asking for passowrd. I
> have done the configuration required in the ssh and sshd file.
>
>



bodik wrote:
>
> hi,
>
> I think, that you also need:
>
> * krb5.conf
> a proper configuration for your realm
>
> * sshd_config
> KerberosAuthentication yes
> KerberosOrLocalPasswd yes
> KerberosTicketCleanup yes
>
> * ssh_config
>
> GSSAPIAuthentication yes
> GSSAPIDelegateCredentials yes
>
> * pam.d/ssh
> pam_krb5.so
>
> * krb5.keytab
> service key in keytab for host
> (to establish a trust between service and KDC)
>
>>> any pointers in this regard?

> there should be many howto's out there, but just now i cann't find any


> suitable walkthrough. but this looks fine (i didn't read it
>
> http://www.visolve.com/security/ssh_kerberos.php
>
> bodik
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>


--
View this message in context:
http://www.nabble.com/SSH-configurat...p18729232.html
Sent from the Kerberos - General mailing list archive at Nabble.com.

________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos