[Freeipa-users] trouble with trusts and gssapi

Rob Crittenden rcritten at redhat.com
Tue Feb 19 03:35:57 UTC 2013


Brian Cook wrote:
> More info - attached var/log/secure, and sshd_config.
>
> Password authentication works, just gssapi fails. In the securecrt provided I have disabled password auth as an option.

Create a .k5login in the home directory of your user. What I did was log
in as Administrator at AD.EXAMPLE.COM using the password, create .k5login
containing that principal, log out, then I was able to log back in using
SSO.

You should be able to add something like this to /etc/krb5.conf if you 
have a lot of users you want to do SSO:

     auth_to_local = RULE:[1:$1@$0](^.*@TRUSTED.DOMAIN$)s/@TRUSTED.DOMAIN/@trusted.domain/
     auth_to_local = DEFAULT

See 'info krb5-admin "Configuration Files" "krb5.conf" "realms 
(krb5.conf)"' for more details and examples for auth_to_local.

rob

>
> On Feb 18, 2013, at 3:58 PM, Brian Cook <bcook at redhat.com> wrote:
>
>> I am trying to ssh from Windows -> IPA server using GSS-API. I've tried putty, which provides very little debug out. I then downloaded securecrt which provides more output.
>>
>> On the server side, I just see postponed gss-with-mic and then a failure message. I'm attaching the output from securecrt. Any help would be greatly appreciated.
>>
>> Thanks,
>> Brian
>>
>> <securecrt-out.rtf>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
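
Added example (not part of the original message, and not MIT Kerberos code): a small Python model of how the two auth_to_local values above are evaluated in order, showing which principals get a local name and which get none. The function names, the default realm IPA.EXAMPLE and the sample principals are assumptions made up for illustration, and Python's re module stands in for the regex engine krb5 uses.

```python
import re

# Model of krb5.conf auth_to_local evaluation. Assumptions: Python's re stands
# in for the POSIX regex krb5 uses, and only one s/pat/repl/ per rule is parsed.
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\((.*)\))?(?:s/([^/]*)/([^/]*)/(g?))?$")

def apply_rule(rule, principal):
    """Return the local name a RULE yields, or None if it does not apply."""
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("unsupported rule: " + rule)
    ncomp, fmt, regexp, pat, repl, gflag = m.groups()
    name, _, realm = principal.rpartition("@")
    parts = [realm] + name.split("/")          # $0 = realm, $1.. = components
    if len(parts) - 1 != int(ncomp):           # component count must equal n
        return None
    selected = re.sub(r"\$(\d)", lambda d: parts[int(d.group(1))], fmt)
    if regexp is not None and re.fullmatch(regexp, selected) is None:
        return None                            # regexp must match whole string
    if pat is not None:
        selected = re.sub(pat, repl, selected, count=0 if gflag else 1)
    return selected

def default_rule(principal, default_realm):
    """DEFAULT: single-component principal in the default realm -> component."""
    name, _, realm = principal.rpartition("@")
    return name if realm == default_realm and "/" not in name else None

def auth_to_local(principal, rules, default_realm):
    """Try each auth_to_local value in order; the first that applies wins."""
    for rule in rules:
        if rule == "DEFAULT":
            local = default_rule(principal, default_realm)
        else:
            local = apply_rule(rule, principal)
        if local is not None:
            return local
    return None

# The two values from the message; the default realm and principals are constructed.
RULES = [
    "RULE:[1:$1@$0](^.*@TRUSTED.DOMAIN$)s/@TRUSTED.DOMAIN/@trusted.domain/",
    "DEFAULT",
]
if __name__ == "__main__":
    for p in ("Administrator@TRUSTED.DOMAIN", "alice@IPA.EXAMPLE",
              "host/pc1.trusted.domain@TRUSTED.DOMAIN", "mallory@OTHER.REALM"):
        print(p, "->", auth_to_local(p, RULES, "IPA.EXAMPLE"))
```

The rule only rewrites the realm suffix, so the user part keeps its case, and principals from any other realm or with more than one component fall through both values and get no local name.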