Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

GSSAPI auth on AIX 4.1P1

from [Ian Clark] Network Security [Permanent Link]
Subject: GSSAPI auth on AIX 4.1P1
Date: Sat, 19 Nov 2005 10:10:40 -0000 
Hi,

I've spent the last few days playing with GSSAPI auth on an AIX 5.3
server (4.1P1) with no success, I've already got this running perfectly
using on a linux testbed system using our AD as KDC using Windows 2000
with Putty (0.56b2 GSSAPI) as a client terminal.  The AIX system is
correctly allowing users to authorise against KRB5A but the GSSAPI
single sign on from a client never seems to work.  

The debug log from SSHD fails during gssapi-with-mic as follows:

debug1: userauth-request for user ianclark service ssh-connection method
gssapi-with-mic
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method gssapi-with-mic
debug3: mm_request_send entering: type 37
debug3: mm_request_receive_expect entering: type 38
debug3: monitor_read: checking request 37
debug3: mm_request_receive entering
debug1: Miscellaneous failure
No principal in keytab matches desired name

debug3: mm_request_send entering: type 38
debug3: mm_request_receive entering

We have created a host principle and installed it in the krb5 keytab as
per normal, SSHD doesn't need a service principle ?, but what principle
is SSHD looking for and what name ?  Gssapi-with-mic is clearly being
attempted, with this error, putty returns an unable to initialise gssapi
context, yet connects to the Linux system immediately.

I'm a little confused, because our linux test worked within minutes of
configuration.

Ian
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • GSSAPI auth on AIX 4.1P1, Ian Clark <=
Previous by Date:  Re: Issue with openssh 3.5p1-6, Darren Tucker
Next by Date:  ssh-agent & bind -> Permission denied, Felix Schuster
Previous by Thread:  Issue with openssh 3.5p1-6, Ashraf Eid
Next by Thread:  ssh-agent & bind -> Permission denied, Felix Schuster
Indexes:  [Date] [Thread] [Top] [All Lists]