On further testing, I get these errors when trying to renew the ms2mit tgt (using 'kinit -R' from both krb5-1.3.1 and kfw 2.5):
kinit(v5): No credentials found with supported encryption types while renewing credentials and with 'leash32 -r' I get a popup window with errors: No credentials found with supported encryption types (Kerberos error 200) krb5_get_renewed_creds() failed So I'm guessing ms2mit encrypts its tgt with an algo. not supported by krb5-1.3.1? The weird thing is, even leash32 can't renew ms2mit's tgt. And on checking the file sizes, I get: krb5's kinit tgt size: 2286 bytes kfw's ms2mit tgt size: 1179 bytes So any ideas? thanks again, regards King Lung Chiu > Hi, > > I'm testing out kerberised openssh on cygwin with both krb5 1.3.1 and kfw. > > I can use krb5-1.3.1's kinit no problems, and the tgt allows passwordless > ssh from cygwin to a linux machine. > > But when I use tgt from kfw's ms2mit, passwordless ssh stops working (ie. > it Basks for a password). > > For kfw, I've set krb5.ini so it's the same as krb5.conf from my cygwin > krb5 1.3.1 install. Before running ssh, I also set KRB5CCNAME so it points > to the correct location (klist shows OK). > > So my problem is tgt from krb5-1.3.1 is OK, but the tgt from ms2mit does > not seem to work. > > Any ideas? (please see below for the ssh -vvv output using the ms2mit tgt) > > regards > > King Lung Chiu > > > ... > debug1: Authentications that can continue: > publickey,gssapi,password,keyboard-interactive > debug3: start over, passed a different list > publickey,gssapi,password,keyboard-interactive > debug3: preferred gssapi,publickey,keyboard-interactive,password > debug3: authmethod_lookup gssapi > debug3: remaining preferred: publickey,keyboard-interactive,password > debug3: authmethod_is_enabled gssapi > debug1: Next authentication method: gssapi > debug2: we sent a gssapi packet, wait for reply > debug1: Miscellaneous failure > No credentials found with supported encryption types > > debug1: Trying to start again > debug2: we sent a gssapi packet, wait for reply > debug1: Authentications that can continue: > publickey,gssapi,password,keyboard-interactive > debug2: we did not send a packet, disable method > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Trying private key: /home/chi145/.ssh/identity > debug3: no such identity: /home/chi145/.ssh/identity > debug1: Trying private key: /home/chi145/.ssh/id_rsa > debug3: no such identity: /home/chi145/.ssh/id_rsa > debug1: Trying private key: /home/chi145/.ssh/id_dsa > debug3: no such identity: /home/chi145/.ssh/id_dsa > debug2: we did not send a packet, disable method > debug3: authmethod_lookup keyboard-interactive > debug3: remaining preferred: password > debug3: authmethod_is_enabled keyboard-interactive > debug1: Next authentication method: keyboard-interactive > debug2: userauth_kbdint > debug2: we sent a keyboard-interactive packet, wait for reply > debug2: input_userauth_info_req > debug2: input_userauth_info_req: num_prompts 1 > Password: > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
