Hey,
I have the following setup:
Macbook Pro running Mac OS X Mountain Lion
Dell Server running an up-to-date Arch Linux
Both systems are bound to an Active Directory which is kerberized. On the Mac I just joined the domain and everything was set up automagically - on the Dell Server I installed Arch Linux from scratch and followed the guide in the Wiki for enabling the AD bind.
Both systems are able to retrieve tickets from the AD - so the basic functionality works (user log-in, ticket validation, ...)
I would like to be able to ssh from my Mac to the server using key-based authentication (password-free) and thereby forward a (forwardable) ticket to said server to be able to use kerberized services at login, e.g. kerberized NFS4, etc., without doing a kinit and typing my password on the server first.
I think I enabled all the right parameters but I get stuck with an interesting problem, here is some output:
CLIENTSIDE:
ssh -v SERVER
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: An invalid name was supplied
unknown mech-code 0 for mech 1 2 752 43 14 2
debug1: Miscellaneous failure (see text)
unknown mech-code 0 for mech 1 3 6 1 5 5 14
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: An unsupported mechanism was requested
unknown mech-code 0 for mech 1 3 5 1 5 2 7
debug1: Miscellaneous failure (see text)
unknown mech-code 0 for mech 1 3 6 1 5 2 5
SERVERSIDE:
sudo journalctl:
May 29 15:51:19 SERVER sshd[29637]: debug1: Unspecified GSS failure. Minor code may provide more information\nKey table file '/etc/krb5.keytab' not
When I went looking for the /etc/krb5.keytab I didn't find one.
So here I am, clueless due to lack of knowledge of how Kerberos really works. Why doesn't my SERVER running Arch Linux have such a file? And how important is that file anyway when everything else seems to work without it?!
Any pointers in the right direction would be greatly appreciated.
yours,
Daniel