[Freeipa-users] Re: Configuring Client SSH Access Problem

Michael Kang wxiluo at gmail.com
Thu Dec 10 03:39:02 UTC 2009 

output of ssh -v ipaserver.example.com:

debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
admin at ipa.aragon.local's password:

It seems that authentications jump into gssapi-with-mic, but get nothing.


On Wed, Dec 9, 2009 at 9:25 PM, Simo Sorce <ssorce at redhat.com> wrote:

> On Wed, 2009-12-09 at 15:16 +0800, Michael Kang wrote:
> > Does anyone know what's wrong?
> >
> > On Tue, Dec 8, 2009 at 12:35 PM, Michael Kang <wxiluo at gmail.com>
> > wrote:
> >         Dear all,
> >
> >         I had setup a FreeIPA server and a FreeIPA client. After using
> >         the ktutil command to import the keytab, using the following
> >         command on another machine to test the configuration. This
> >         still need passwd.
> >
> >         IPA Server:
> >                 kinit admin
> >                 ipa-addservice host/ipaclient.example.com
> >                 ipa-getkeytab -s ipaserver.example.com -p
> >                 host/ipaclient.example.com -k /tmp/krb5.keytab
> >                 scp /tmp/krb5.keytab
> >                 root at ipaclient.example.com:/tmp/krb5.keytab
> >
> >         IPA client:
> >                 # ktutil
> >                 ktutil: read_kt /tmp/krb5.keytab
> >                 ktutil: write_kt /etc/krb5/krb5.keytab
> >                 ktutil: q
> >         ssh admin at ipaserver.example.com (This don't need passwd.)
> >
> >
> >         PC or Mac:
> >         ssh admin at ipaclient.example.com (This still need passwd.)
>
> So you did successfully kinit on the PC and on the Mac ?
> You can get more info on what is going on by using ssh -vvv
>
> Simo.
>
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>


-- 
Michael Kang(康上明学)
There is a giant asleep within every man. When the giant awakens,miracles
happen.

Personal blog: http://ufusion.org - United Fusion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20091210/4ce81d5b/attachment.htm>

More information about the Freeipa-users mailing list