[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] Configuring Client SSH Access Failure



DNS is OK.

I run kinit on client.example.com.
Access client.example.com from node.example.com:
ssh -v admin client example com
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure.  Minor code may provide more information

It seems the ssh-client was trying to load /tmp/krb5cc_0. I don't run kinit on node.example.com, so there is such file. But I can find it on the client.example.com.

Can node.example.com access client.example.com without any ipa configuration?

Do I need to install ipa-client on the node.example.com? The document is wrong?

On Sat, Jan 23, 2010 at 11:54 AM, Scott <scott kaminski gmail com> wrote:

first I would verify that dns is functional both forward and reverse. 

If that is okay try doing a kinit first then try to connect. 


Sent from my iPhone

On Jan 22, 2010, at 7:34 PM, Michael Kang <wxiluo gmail com> wrote:

Hi all,

I'm trying to configure client ssh access on Fedora 12 and I can't access ipaclient without password.

I'm following this document:
http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/sect-Client_Configuration_Guide-Configuring_Fedora_as_an_IPA_Client-Configuring_Client_SSH_Access.html

At the end of this document:
The IPA client should now be fully configured to accept incoming SSH connections and authenticate with the user's Kerberos credentials. Use the following command on another machine to test the configuration. This should succeed without asking for a password.
As I see it, another machine don't need to install any ipa software and it can access ipaclient without password.

I have three Fedora machine:
The client.example.com can access ipa.example.com without password. But the node.example.com can't access client.example.com.

Do I misunderstand the document or configure incorrect?

Thanks,
Michael

--
Michael Kang(康上明学)
There is a giant asleep within every man. When the giant awakens,miracles happen.

Personal blog: http://ufusion.org - United Fusion
_______________________________________________
Freeipa-users mailing list
Freeipa-users redhat com
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Michael Kang(康上明学)
There is a giant asleep within every man. When the giant awakens,miracles happen.

Personal blog: http://ufusion.org - United Fusion

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]