-
标题
GSS-API ssh failure on Solaris 10 -
说明
After configuring sshd for GSS-API, ssh still prompts the user for their password when trying to connect to a GSS-API enabled server.
Running "ssh -v -v -v host-b.example.com" from host-a.example.com show the following error:
Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
-
原因
The user's keytab was not created on the host-a.example.com server, which is the server they are ssh'ing from. This can be seen by running the klist command as that user, which will return an error like "klist: No credentials cache file found".
-
解决办法
The user keytab can be manually created with the kinit command if necessary. However, the user's keytab is created at login; if the user logs in to host-a.example.com with ssh or at the console, the keytab will automatically be created. Using "su -" to become the user does not create the user's keytab.