Re: How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi,

I solved my ssh GSSAPI problem.  There were a lot of solutions on google
referring to a proper fqdn in the /etc/hosts file and having the
fqdn's/principals in the kerberos server's keytab file but I found out that
my problem was that the samba4/kerberos server was running on a multi-homed
machine and that the ssh server kerberos authentication needed the
following parameter in order for it to work on multi-homed machines:

GSSAPIStrictAcceptorCheck no

The default is yes, using "no" will, according to the manpage "clients may
authenticate against any service key stored in the machine's default store."

I hope this helps others that have similar setups as I do.

Thank you all for your input.

br,
Quinn
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Linux]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [Internet Dating Forums]     [RAID]     [Yosemite News]     [Photography]

Add to Google Powered by Linux