[Freeipa-users] k5login not working?
Jeffery Harrell
sparky at charlietango.com
Wed Jul 6 19:30:56 UTC 2016
I must be missing something really obvious.
Our IPA server is set up in the usual way on CentOS 7.2, just a “yum
install ipa-server” and then an “ipa-server-install.” DNS is set up
correctly and is working.
I’ve got a handful of CentOS 7.2 servers configured as IPA clients — “yum
install ipa-client”, “ipa-client-install.” Auto-detection of the realm,
domain and server were normal.
But k5login is not working as expected. If I have this .k5login file in the
admin user’s home directory on server A:
alice at CHARLIETANGO.COMbob@CHARLIETANGO.COM
I would expect to be able to do this:
kinit alice at CHARLIETANGO.COM
ssh -K admin at serverA
from anywhere in the Kerberos realm. Instead my credentials get rejected
and I’m asked for the admin user’s password.
It feels like sshd on the server isn’t even looking at k5login. (I also
tried k5users; same result.)
The permissions on .k5login are correct. I tried it with SELinux off as
well just in case that was it.
What blindingly obvious thing have I overlooked?
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160706/0661271e/attachment.htm>
More information about the Freeipa-users
mailing list