Users unable to ssh using GSSAPI.
SSHD debug reports
Postponed gssapi-with-mic for <user> from <ip address> port <port> ssh2 [preauth]
debug1: Unspecified GSS failure. Minor code may provide more information
Key table entry not found
The "default_keytab_name" in /etc/krb5.conf does not point to /etc/opt/quest/vas/host.keytab
Resolution 1
Save the original krb5.conf file.
# mv /etc/krb5.conf /etc/krb5.conf.orig
Create the symlink:
# ln -s /etc/opt/quest/vas/vas.conf /etc/krb5.conf
Run this command as root:
# /opt/quest/bin/vastool -u host/ info toconf /etc/krb5.conf
Resolution 2
Save the original krb5.conf file.
# mv /etc/krb5.conf /etc/krb5.conf.orig
Create an empty file /etc/krb5.conf and add these lines:
[libdefaults]
default_realm = COMPANY.COM
default_keytab_name = /etc/opt/quest/vas/host.keytab
forwardable = true
Run this command as root:
# /opt/quest/bin/vastool -u host/ info toconf /etc/krb5.conf
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center