An Ethereal trace on the client would show the Kerberos activity th the KDC
and to the sshd.

Jason.C.Burns@wellsfargo.com wrote:
> Hey all, perhaps someone might be able to shed a little light on this
> problem. Nothing I find in books and groups seem to address the
> problem. I'm trying to set up a series of connections with ssh that
> authenticate through GSSAPI. However, it seems that the credentials are
> not getting passed.
>
>>From the client..

>
> debug1: Next authentication method: gssapi-with-mic
> debug2: we sent a gssapi-with-mic packet, wait for reply
> debug1: Delegating credentials
> debug1: Delegating credentials
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password,keyboard-interactive
>
> So we can see that the client is configured to send the tickets
> across...
>
>>From the Server...

>
> debug1: userauth-request for user / service ssh-connection
> method gssapi-with-mic
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method gssapi-with-mic
> Postponed gssapi-with-mic for / from xxxx port x ssh2
> debug1: Got no client credentials
> Failed gssapi-with-mic for / from xxxxx port x ssh2
> debug1: userauth-request for user / service ssh-connection
> method keyboard-interactive
>
> What does 'Got no client credentials' mean? The client is sending them,
> so where do they go?
>
> Checking the ticket cache on the client...
>
> # klist
> Credentials cache: FILE:/tmp/krb5cc_xxx
> Principal: /@
>
> Issued Expires Principal
> Nov 3 17:36:40 Nov 4 03:36:40 krbtgt/domain@realm
> Nov 3 17:37:52 Nov 4 03:36:40 host/@
>
> So it's even getting the ticket for the machine it is trying to go to
> using the tgt from the kinit.
>
> Any ideas? I'm starting to bang my head against the wall here.
>
> Thanks!
>
> Jason
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> http://www.mindrot.org/mailman/listi...enssh-unix-dev
>
>


--

Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev