SSH and Kerberos

Status
Not open for further replies.

asch337

MIS
Oct 26, 2007
I have 2 servers (lft1 and lft3) running AIX 5.3 ML 5. Both are installed with krb5.client.rte 1.4.0.4 and openssh.base.server 4.3.0.5300.

I have configured some of the users on both servers to authenticate against our Windows 2003 Active Directory. I can use telnet to log in successfully to either server with these users. On the server lft3, I can ssh to the server using one of these users, but on lft1, I cannot. I get "access denied". To test that sshd is working correctly on lft1, I created a new user authenticated locally on lft1. I was able to log in successfully with this new user on lft1 using ssh.

The files /etc/krb5/krb5.conf and /etc/ssh/sshd_config are the same on both servers.

Any advice on how to resolve this problem?
 
Just to clarify, from my PC, I can ssh to lft3 successfully. But, from my PC, I cannot ssh to lft1 with a user authenticated against Active Directory. I can ssh successfully to lft1 with a user that is authenticated against lft1.
 
There are some files on lft3 (the server that I can ssh to) that do not exist on lft1.
/usr/lib/security/KRB5A.ibm
/usr/lib/security/KRB5A_64.ibm
/usr/lib/security/KRB5_64.ibm
/usr/lib/security/methods.cfg.ibm

I tried copying these files from lft3 to lft1, but I still can't ssh to lft1.

Anyone know what the *ibm files are used for?
 