directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <seelm...@apache.org>
Subject Re: Kerberized SSH keeps asking for password
Date Wed, 03 Feb 2010 19:43:13 GMT
Hi Andreas,

oh, huge log ;-)

Andreas Backman wrote:
>  [08:59:49] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Responding with Authentication Service (AS) reply:
>  	messageType:           AS_REP
>  	protocolVersionNumber: 5
>  	nonce:                 790659966
>  	clientPrincipal:       andreas@KPLATSEN.LOCAL
>  	client realm:          KPLATSEN.LOCAL
>  	serverPrincipal:       krbtgt/KPLATSEN.LOCAL@KPLATSEN.LOCAL
>  	server realm:          KPLATSEN.LOCAL
>  	auth time:             20100203075949Z
>  	start time:            null
>  	end time:              20100204075942Z
>  	renew-till time:       null
>  	hostAddresses:         null
here you got the TGT...

>  [09:00:26] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService]
- Responding with Ticket-Granting Service (TGS) reply:
>  	messageType:           TGS_REP
>  	protocolVersionNumber: 5
>  	nonce:                 1265184026
>  	clientPrincipal:       andreas@KPLATSEN.LOCAL
>  	client realm:          KPLATSEN.LOCAL
>  	serverPrincipal:       host/sa-1.base.kplatsen.local@KPLATSEN.LOCAL
here you got the service ticket...

>  [09:00:46] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler]
- Integrity check on decrypted field failed (31)
>  org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Integrity
check on decrypted field failed
...
>  [09:00:46] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler]
- Responding to request with error:
>  	explanatory text:      Integrity check on decrypted field failed
>  	error code:            31
>  	clientPrincipal:       null
>  	client time:           null
>  	serverPrincipal:       krbtgt/KPLATSEN.LOCAL@KPLATSEN.LOCAL
>  	server time:           20100203080046Z
I guess there is a problem with your keys. Could you please verify that 
your sshd keytab is ok? You could also try to run sshd in debug mode.

BTW: I was able to get a kerberized SSHD running (on localhost) and 
updated the guide [1].

Kind Regards,
Stefan


[1]http://cwiki.apache.org/DIRxINTEROP/kerberos-authentication-to-sshd.html




Mime
View raw message