On our machines, there is not allowed to login as root via network directly. I need a ssh passphrase or - more elegant when we have kerberos - .kloginFailed gssapi-with-mic for komanek from xxx.xxx.xxx.xxx port 57360 ssh2 Time is in sync. Release versions of openssh and heimdal give the same as the latest snapshots. ".k5login" exists with correct info. What's wrong ?What do you need .k5login for. It's only needed if you want to login as another user on the remote host.
ssh -l komanek host
ssh -l root hostA
ssh -l root hostB
ssh -l root hostC
Worked like a charm with kth-krb4 and older openssh versions. Does not work anymore with heimdal due to the problems with gss api.
I do not think this is my problem - I have only one version of the key i database and the same kvno is stored in keyfile.I have a few additional questions which answering probably could help me to resolve the problem: 1. In which cases I can get the "Decrypt integrity check failed" message from gssapi and where are published hints how to resolve this ?Maybe the key / key version number doesn't match in the Heimdal database and /etc/krb5.keytab. Although I believe this would result in another error message...
Well, I laso feel, gssapi is the only possibility now, but hoped I oversaw sthg.3. Is there any other other possibility get openssh working with heimdal than gssapi (krb4 support in openssh was with no gssapi and everything worked fine) ?With older OpenSSH (pre 3.7) releases you were able to get Kerberos5 authentication with ssh protocol 1 only. It has been replaced by gssapi which only works with protocol 2.