[Freeipa-users] GSSAPI authentication from trusted AD domain

Jason B. Nance jason at tresgeek.net
Tue May 2 15:55:28 UTC 2017


> I think I just realised that my expectation may be wrong: GSSAPI login with a
> FreeIPA user logged in on an AD host to a FreeIPA host works. So is it correct
> to also expect passwordless login with an AD user to a FreeIPA host?

If your FreeIPA domain trusts the AD domain, then yes, you can use an AD user to log in to a FreeIPA-joined Linux host from a domain-joined Windows client where you are logged into the Windows client as the AD user (assuming you have your HBACs set up to allow it - if you didn't, password auth wouldn't work either). Unless you've configured "default_domain_suffix" in sssd.conf the user name is "aduser@addomain.tld". If you have configured "default_domain_suffix" make sure that your user names in AD don't conflict with the user names in IPA.

Regards, 

j 

> On 2 May 2017 at 17:40, Jason B. Nance <jason at tresgeek.net> wrote:

>> Hi Tiemen,

>>> To be clear, what I'm trying to do: log in from an AD account (adm.tiemen), from
>>> an AD host (leon.clients.rdmedia.com) to a FreeIPA host
>>> (neodymium.test.ams.i.rdmedia.com) with the same AD account. I expect to be
>>> logged in through GSSAPI, instead I get a password prompt.

>> I'm assuming that you are coming from a Windows client that is domain joined and
>> logged into that Windows client with the same domain credentials that you are
>> using to connect to the IPA-joined host. Do you also have your SSH client
>> configured to attempt GSSAPI? It appears that you do from the logs you provided
>> but I'm just double-checking.

>> In my setup I've found that this feature does not work all of the time. I've not
>> yet been able to track it down and I'm assuming it has something to do with
>> connections to domain controllers timing out, but at this point that is
>> speculation.

>> So to answer your question, yes, that should work. Sorry I don't have more
>> information for you, I guess I'm basically "me too"ing your post.

>> Regards,

>> j

>>> Is this supposed to work? Did I miss something?

>>> Below the SSH log from the FreeIPA host with LogLevel DEBUG3:

>>> May 2 17:10:32 neodymium sshd[572]: debug3: fd 5 is not O_NONBLOCK
>>> May 2 17:10:32 neodymium sshd[572]: debug1: Forked child 752.
>>> May 2 17:10:32 neodymium sshd[572]: debug3: send_rexec_state: entering fd = 8
>>> config len 922
>>> May 2 17:10:32 neodymium sshd[572]: debug3: ssh_msg_send: type 0
>>> May 2 17:10:32 neodymium sshd[572]: debug3: send_rexec_state: done
>>> May 2 17:10:32 neodymium sshd[752]: debug3: oom_adjust_restore
>>> May 2 17:10:32 neodymium sshd[752]: Set /proc/self/oom_score_adj to 0
>>> May 2 17:10:32 neodymium sshd[752]: debug1: rexec start in 5 out 5 newsock 5
>>> pipe 7 sock 8
>>> May 2 17:10:32 neodymium sshd[752]: debug1: inetd sockets after dupping: 3, 3
>>> May 2 17:10:32 neodymium sshd[752]: Connection from 192.168.10.155 port 53106 on
>>> 192.168.50.63 port 22
>>> May 2 17:10:32 neodymium sshd[752]: debug1: Client protocol version 2.0; client
>>> software version PuTTY_KiTTY
>>> May 2 17:10:32 neodymium sshd[752]: debug1: no match: PuTTY_KiTTY
>>> May 2 17:10:32 neodymium sshd[752]: debug1: Enabling compatibility mode for
>>> protocol 2.0
>>> May 2 17:10:32 neodymium sshd[752]: debug1: Local version string
>>> SSH-2.0-OpenSSH_6.6.1
>>> May 2 17:10:32 neodymium sshd[752]: debug2: fd 3 setting O_NONBLOCK
>>> May 2 17:10:32 neodymium sshd[752]: debug3: ssh_sandbox_init: preparing rlimit
>>> sandbox
>>> May 2 17:10:32 neodymium sshd[752]: debug2: Network child is on pid 753
>>> May 2 17:10:32 neodymium sshd[752]: debug3: preauth child monitor started
>>> May 2 17:10:32 neodymium sshd[752]: debug1: SELinux support disabled [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: privsep user:group 74:74 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug1: permanently_set_uid: 74/74 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug1: list_hostkey_types:
>>> ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 42
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
>>> type 43 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
>>> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking request 42
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 43
>>> May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_KEXINIT sent [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_KEXINIT received [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: first_kex_follows
>>> 0 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: reserved 0
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,rsa2048-sha256,rsa1024-sha1,diffie-hellman-group1-sha1 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,chacha20-poly1305@openssh.com,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,chacha20-poly1305@openssh.com,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none,zlib
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none,zlib
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: first_kex_follows
>>> 0 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: reserved 0
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: mac_setup: setup hmac-sha2-256
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug1: kex: client->server aes256-ctr
>>> hmac-sha2-256 none [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: mac_setup: setup hmac-sha2-256
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug1: kex: server->client aes256-ctr
>>> hmac-sha2-256 none [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 120
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
>>> type 121 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
>>> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking request 120
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 121
>>> May 2 17:10:32 neodymium sshd[752]: debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 120
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
>>> type 121 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
>>> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking request 120
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 121
>>> May 2 17:10:32 neodymium sshd[752]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_key_sign entering [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 6
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_key_sign: waiting for
>>> MONITOR_ANS_SIGN [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
>>> type 7 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
>>> [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
>>> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking request 6
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_answer_sign
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_answer_sign: signature
>>> 0x7f7ea34ed250(83)
>>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 7
>>> May 2 17:10:32 neodymium sshd[752]: debug2: monitor_read: 6 used once, disabling
>>> now
>>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_derive_keys [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug2: set_newkeys: mode 1 [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
>>> May 2 17:10:32 neodymium sshd[752]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
>>> May 2 17:10:33 neodymium sshd[752]: debug2: set_newkeys: mode 0 [preauth]
>>> May 2 17:10:33 neodymium sshd[752]: debug1: SSH2_MSG_NEWKEYS received [preauth]
>>> May 2 17:10:33 neodymium sshd[752]: debug1: KEX done [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user adm.tiemen@clients.rdmedia.com service ssh-connection method none [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug1: attempt 0 failures 0 [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_getpwnamallow entering [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 8
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_getpwnamallow: waiting for
>>> MONITOR_ANS_PWNAM [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
>>> type 9 [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
>>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 8
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pwnamallow
>>> May 2 17:10:42 neodymium sshd[752]: debug3: Trying to reverse map address
>>> 192.168.10.155.
>>> May 2 17:10:42 neodymium sshd[752]: debug2: parse_server_config: config
>>> reprocess config len 922
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pwnamallow: sending
>>> MONITOR_ANS_PWNAM: 1
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 9
>>> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 8 used once, disabling
>>> now
>>> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: setting up authctxt for adm.tiemen@clients.rdmedia.com [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_start_pam entering [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 100
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_inform_authserv entering
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 4
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_inform_authrole entering
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 80
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: try method
>>> none [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: userauth_finish: failure partial=0
>>> next
>>> methods="publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive"
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
>>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 100
>>> May 2 17:10:42 neodymium sshd[752]: debug1: PAM: initializing for "adm.tiemen@clients.rdmedia.com"
>>> May 2 17:10:42 neodymium sshd[752]: debug1: PAM: setting PAM_RHOST to
>>> "192.168.10.155"
>>> May 2 17:10:42 neodymium sshd[752]: debug1: PAM: setting PAM_TTY to "ssh"
>>> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 100 used once,
>>> disabling now
>>> May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user adm.tiemen@clients.rdmedia.com service ssh-connection method gssapi-with-mic [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug1: attempt 1 failures 0 [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: try method
>>> gssapi-with-mic [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 42
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
>>> type 43 [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
>>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 4
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_authserv:
>>> service=ssh-connection, style=
>>> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 4 used once, disabling
>>> now
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
>>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 80
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_authrole: role=
>>> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 80 used once,
>>> disabling now
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
>>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 42
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 43
>>> May 2 17:10:42 neodymium sshd[752]: Postponed gssapi-with-mic for adm.tiemen@clients.rdmedia.com from 192.168.10.155 port 53106 ssh2 [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user adm.tiemen@clients.rdmedia.com service ssh-connection method keyboard-interactive [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug1: attempt 2 failures 0 [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: try method
>>> keyboard-interactive [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug1: keyboard-interactive devs [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug1: auth2_challenge: user=adm.tiemen@clients.rdmedia.com devs= [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug1: kbdint_alloc: devices 'pam'
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug2: auth2_challenge_start: devices pam
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug2: kbdint_next_device: devices <empty>
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug1: auth2_challenge_start: trying
>>> authentication method 'pam' [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_init_ctx [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 104
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_init_ctx: waiting for
>>> MONITOR_ANS_PAM_INIT_CTX [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
>>> type 105 [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
>>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 104
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pam_init_ctx
>>> May 2 17:10:42 neodymium sshd[752]: debug3: PAM: sshpam_init_ctx entering
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 105
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 106
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query: waiting for
>>> MONITOR_ANS_PAM_QUERY [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
>>> type 107 [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
>>> [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
>>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 106
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pam_query
>>> May 2 17:10:42 neodymium sshd[752]: debug3: PAM: sshpam_query entering
>>> May 2 17:10:42 neodymium sshd[752]: debug3: ssh_msg_recv entering
>>> May 2 17:10:42 neodymium sshd[766]: debug3: PAM: sshpam_thread_conv entering, 1
>>> messages
>>> May 2 17:10:42 neodymium sshd[766]: debug3: ssh_msg_send: type 1
>>> May 2 17:10:42 neodymium sshd[766]: debug3: ssh_msg_recv entering
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 107
>>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query: pam_query returned
>>> 0 [preauth]
>>> May 2 17:10:42 neodymium sshd[752]: Postponed keyboard-interactive for adm.tiemen@clients.rdmedia.com from 192.168.10.155 port 53106 ssh2 [preauth]

>>> --
>>> Tiemen Ruiten
>>> Systems Engineer
>>> R&D Media


> --
> Tiemen Ruiten
> Systems Engineer
> R&D Media
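
An added example, not part of the original thread: a small Python triage script that reduces an sshd DEBUG log like the one quoted above to the per-connection sequence of authentication methods and says how the GSSAPI attempt ended. The names `parse_sessions` and `diagnose` and the verdict strings are hypothetical; session 752 uses lines from the quoted log, session 801 is constructed for contrast.

```python
import re

GSS_METHODS = {"gssapi-with-mic", "gssapi-keyex"}

# Session 752: lines from the log in the thread, with mail wrapping rejoined.
# Session 801: constructed for contrast (a GSSAPI login that completes).
SAMPLE_LOG = """\
May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user adm.tiemen@clients.rdmedia.com service ssh-connection method none [preauth]
May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user adm.tiemen@clients.rdmedia.com service ssh-connection method gssapi-with-mic [preauth]
May 2 17:10:42 neodymium sshd[752]: Postponed gssapi-with-mic for adm.tiemen@clients.rdmedia.com from 192.168.10.155 port 53106 ssh2 [preauth]
May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user adm.tiemen@clients.rdmedia.com service ssh-connection method keyboard-interactive [preauth]
May 2 17:10:42 neodymium sshd[752]: Postponed keyboard-interactive for adm.tiemen@clients.rdmedia.com from 192.168.10.155 port 53106 ssh2 [preauth]
May 2 17:12:01 neodymium sshd[801]: debug1: userauth-request for user aduser@addomain.tld service ssh-connection method none [preauth]
May 2 17:12:01 neodymium sshd[801]: debug1: userauth-request for user aduser@addomain.tld service ssh-connection method gssapi-with-mic [preauth]
May 2 17:12:01 neodymium sshd[801]: Postponed gssapi-with-mic for aduser@addomain.tld from 192.0.2.10 port 40000 ssh2 [preauth]
May 2 17:12:01 neodymium sshd[801]: Accepted gssapi-with-mic for aduser@addomain.tld from 192.0.2.10 port 40000 ssh2
"""

LINE = re.compile(r"sshd\[(\d+)\]: (?:debug\d: )?(.*)$")
REQUEST = re.compile(r"userauth-request for user (\S+) service \S+ method (\S+)")
RESULT = re.compile(
    r"(Accepted|Failed|Postponed) (\S+) for (?:invalid user )?(\S+) from \S+ port \d+"
)


def parse_sessions(text):
    """Return {pid: {"user": str, "events": [(kind, method), ...]}} in log order."""
    sessions = {}
    for raw in text.splitlines():
        line = LINE.search(raw)
        if not line:
            continue
        pid, msg = int(line.group(1)), line.group(2)
        req, res = REQUEST.match(msg), RESULT.match(msg)
        if req:
            user, event = req.group(1), ("request", req.group(2))
        elif res:
            user, event = res.group(3), (res.group(1), res.group(2))
        else:
            continue  # key exchange, monitor and PAM chatter is not needed here
        session = sessions.setdefault(pid, {"user": user, "events": []})
        session["events"].append(event)
    return sessions


def diagnose(events):
    """Classify how the GSSAPI attempt of one connection ended."""
    if any(k == "Accepted" and m in GSS_METHODS for k, m in events):
        return "gssapi-ok"
    tried = [i for i, (k, m) in enumerate(events)
             if k == "request" and m in GSS_METHODS]
    if not tried:
        return "gssapi-not-attempted"      # client never offered GSSAPI
    later = events[tried[0] + 1:]
    postponed = any(k == "Postponed" and m in GSS_METHODS for k, m in later)
    moved_on = any(k == "request" and m not in GSS_METHODS for k, m in later)
    if postponed and moved_on:
        # The server entered the token exchange, but the client started another
        # method before it completed: the password-prompt case from the thread.
        return "gssapi-abandoned-by-client"
    return "gssapi-incomplete" if postponed else "gssapi-not-started"


def methods_tried(events):
    return [m for k, m in events if k == "request"]


if __name__ == "__main__":
    for pid, s in parse_sessions(SAMPLE_LOG).items():
        print(pid, s["user"], methods_tried(s["events"]), diagnose(s["events"]))
```
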