Network Security: Detailed info on OpenSSH 3.9p1 +Kerberos principal error

Subject:	OpenSSH 3.9p1 +Kerberos principal error
Date:	Wed, 11 May 2005 08:28:30 -0600

I'm having issues setting up OpenSSH to accept kerberos authentication.
I'm using Win2K AD as my KDC, and I can kinit from the server running
sshd with no problem.  However, when I try using the kerberized version
of Putty to connect, the debug log shows this:
 
May 10 16:20:07 dev2 sshd[906]: Connection from 10.1.1.215 port 2325
May 10 16:20:07 dev2 sshd[906]: debug1: Client protocol version 2.0;
client software version PuTTY-Release-0.56b2 GSSAPI Enhanced
May 10 16:20:07 dev2 sshd[906]: debug1: no match: PuTTY-Release-0.56b2
GSSAPI Enhanced
May 10 16:20:07 dev2 sshd[906]: debug1: Enabling compatibility mode for
protocol 2.0
May 10 16:20:07 dev2 sshd[906]: debug1: Local version string
SSH-1.99-OpenSSH_3.9p1
May 10 16:20:07 dev2 sshd[906]: debug2: fd 3 setting O_NONBLOCK
May 10 16:20:07 dev2 sshd[906]: debug2: Network child is on pid 908
May 10 16:20:07 dev2 sshd[906]: debug3: preauth child monitor started
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request 0
May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_moduli: got
parameters: 1024 2048 8192
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_send entering: type 1
May 10 16:20:07 dev2 sshd[906]: debug2: monitor_read: 0 used once,
disabling now
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request 4
May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_sign
May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_sign: signature
0x8178aa8(143)
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_send entering: type 5
May 10 16:20:07 dev2 sshd[906]: debug2: monitor_read: 4 used once,
disabling now
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request 6
May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_pwnamallow
May 10 16:20:07 dev2 sshd[906]: debug3: auth_shadow_acctexpired: today
12913 sp_expire -1 days left -12914
May 10 16:20:07 dev2 sshd[906]: debug3: account expiration disabled
May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_pwnamallow: sending
MONITOR_ANS_PWNAM: 1
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_send entering: type 7
May 10 16:20:07 dev2 sshd[906]: debug2: monitor_read: 6 used once,
disabling now
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request 3
May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_authserv:
service=ssh-connection, style=
May 10 16:20:07 dev2 sshd[906]: debug2: monitor_read: 3 used once,
disabling now
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request
10
May 10 16:20:07 dev2 sshd[906]: debug3: mm_answer_authpassword: sending
result 0
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_send entering: type
11
May 10 16:20:07 dev2 sshd[906]: Failed none for cfogel from 10.1.1.215
port 2325 ssh2
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request
37
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_send entering: type
38
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
May 10 16:20:07 dev2 sshd[906]: debug3: monitor_read: checking request
39
May 10 16:20:07 dev2 sshd[906]: debug1: Miscellaneous failure\nWrong
principal in request\n
May 10 16:20:07 dev2 sshd[906]: debug1: Got no client credentials
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_send entering: type
40
May 10 16:20:07 dev2 sshd[906]: debug3: mm_request_receive entering
May 10 16:20:09 dev2 sshd[906]: debug3: monitor_read: checking request
10
May 10 16:20:09 dev2 sshd[906]: debug3: auth_shadow_pwexpired: today
12913 sp_lstchg 12907 sp_max 99999
May 10 16:20:09 dev2 sshd[906]: debug3: mm_answer_authpassword: sending
result 1
May 10 16:20:09 dev2 sshd[906]: debug3: mm_request_send entering: type
11
May 10 16:20:09 dev2 sshd[906]: Accepted password for cfogel from
10.1.1.215 port 2325 ssh2
May 10 16:20:09 dev2 sshd[906]: debug1: monitor_child_preauth: cfogel
has been authenticated by privileged process
 
When I provide my local password, connection finishes.  What Principal
should I be using?
 
Thanks in Advance.

<Prev in Thread]	Current Thread	[Next in Thread>
OpenSSH 3.9p1 +Kerberos principal error, Cale Fogel <=

Previous by Date:	Re: Can't scp from HPUX to AIX, Logu
Next by Date:	OpenSSH 4.0p1 ignores password authentication, kareemy
Previous by Thread:	Weird results, Abraham, Suraj
Next by Thread:	OpenSSH 4.0p1 ignores password authentication, kareemy
Indexes:	[Date] [Thread] [Top] [All Lists]