I am trying to add service principals and keytabs for ssh and NFS, but I think something is not configured properly. I have zero prior experience with both krb5 and NFS, and therefore I figured ssh would be a suitable playground to test my configs.
I typed kinit on the client computer and I could see the expected TGT in klist. Then I followed the steps detailed in the Arch wiki for Kerberos, SSH section. After SSH-ing into the server with my password I checked my klist on the client computer again, but nothing had changed.
Last login: Sun Oct 17 13:56:38 2021 from fd5b:c76b:759c::eba
[myuser@myuser-lenovo ~]$ exit
[myuser@myuser-dell ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: myuser@LAN
Valid starting       Expires              Service principal
2021-10-17 13:34:51  2021-10-17 23:34:51  krbtgt/LAN@LAN
	renew until 2021-10-18 13:34:51
I wonder what is not configured properly.
In addition to the steps taken (both for the server and the client) in the wiki referenced above, I ran the following with remote admin:
kadmin:
addprinc -randkey host/ssh.lan@LAN
addprinc -randkey nfs/nfs.lan@LAN
ktadd host/ssh.lan
ktadd nfs/nfs.lan
results:
Entry for principal host/ssh.lan with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
Entry for principal host/ssh.lan with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
Entry for principal nfs/nfs.lan with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
Entry for principal nfs/nfs.lan with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
Last edited by itarill (2021-10-17 12:53:05)
The issues were these, for each of the lines above:
host/ssh.lan should have been host/broken-lenovo.lan
nfs/nfs.lan should have been nfs/broken-lenovo.lan
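The fix above comes down to one rule: the service principal in the keytab has to be host/<the server's real FQDN>@REALM (and nfs/<FQDN>@REALM), because that is the name the client asks the KDC for after it resolves the server's hostname. The following checker is an added example, not code from the thread or from the Arch wiki. It parses output in the shape `klist -k` prints and reports service principals whose host part does not match the server's FQDN. The keytab listing embedded below is constructed to mirror the principals from the first post; the function names and the realm LAN are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that the host/ and nfs/ principals
# in a keytab match the server's real FQDN, the mistake diagnosed in the thread.

# Constructed sample in the format `klist -k /etc/krb5.keytab` prints.
# Uses the wrong names from the first post; the server is really broken-lenovo.lan.
SAMPLE_KEYTAB_LISTING='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/ssh.lan@LAN
   2 host/ssh.lan@LAN
   2 nfs/nfs.lan@LAN
   2 nfs/nfs.lan@LAN'

# keytab_principals <listing>
# Print the unique principal names from klist -k output, skipping the header:
# a data line starts with a numeric KVNO and has a principal containing '@'.
keytab_principals() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ && $2 ~ /@/ { print $2 }' | sort -u
}

# check_service_principal <listing> <service> <fqdn> <realm>
# Exit 0 if <service>/<fqdn>@<realm> is present in the keytab, 1 otherwise.
check_service_principal() {
    keytab_principals "$1" | grep -Fqx "$2/$3@$4"
}

# mismatched_principals <listing> <service> <fqdn> <realm>
# Print every <service>/... principal whose host part or realm differs from
# what the server should have (the thread's host/ssh.lan instead of host/broken-lenovo.lan).
mismatched_principals() {
    keytab_principals "$1" | awk -F'[/@]' -v svc="$2" -v fqdn="$3" -v realm="$4" \
        '$1 == svc && ($2 != fqdn || $3 != realm) { print $0 }'
}

# audit_keytab <listing> <fqdn> <realm>
# Check both services the thread sets up. Exit 0 only if both expected
# principals are present; otherwise report what is wrong and exit 1.
audit_keytab() {
    _listing="$1"; _fqdn="$2"; _realm="$3"; _rc=0
    for _svc in host nfs; do
        if check_service_principal "$_listing" "$_svc" "$_fqdn" "$_realm"; then
            echo "ok:      $_svc/$_fqdn@$_realm found in keytab"
        else
            echo "missing: $_svc/$_fqdn@$_realm"
            _rc=1
        fi
        for _bad in $(mismatched_principals "$_listing" "$_svc" "$_fqdn" "$_realm"); do
            echo "wrong:   $_bad does not match this host ($_fqdn)"
            _rc=1
        done
    done
    return "$_rc"
}

# Stand-alone run against the constructed sample. On the real server you would
# use the live keytab and hostname instead:
#   audit_keytab "$(klist -k /etc/krb5.keytab)" "$(hostname -f)" LAN
audit_keytab "$SAMPLE_KEYTAB_LISTING" broken-lenovo.lan LAN \
    || echo "keytab does not match this host; re-run addprinc/ktadd with host/$(hostname -f 2>/dev/null || echo FQDN)"
```

A quick cross-check from the client side: after kinit, `kvno host/broken-lenovo.lan` asks the KDC for a ticket for exactly that principal, so if it succeeds the name exists in the KDC, and klist will then show the service ticket next to the krbtgt entry. If the client resolves the server under a different name than `hostname -f` reports on the server (for example through a CNAME or a reverse-DNS mismatch), it will request that other name, so the keytab has to carry the name the client actually canonicalizes to.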