[X2Go-User] Help need with Linux-Linux Kerberos Authentication
rubens.zanatta at grad.ufsc.br
rubens.zanatta at grad.ufsc.br
Thu Jan 24 13:24:24 CET 2019
Hello again Stefan, thanks for looking into this.
> First, confirm that a regular SSH login using the same username, client,
> and server, with Kerberos enabled, works.
Yes, I am able to connect client and server though SSH with Kerberos
auth, wihtout being prompted for a password. I had changed some of the
config options you mentioned but the it was already working before and
the error still persists with X2go. The ssh verbose prompts these lines
that prove that gssapi is working:
> debug1: Next authentication method: gssapi-with-mic
> debug1: Authentication succeeded (gssapi-with-mic).
> Authenticated to newhost ([SERVER IP]:22).
> Second, can you create an account on the server that does not need to
> authenticate via Kerberos, and attempt a regular user/password or SSH
> Public Keyfile login, to see if that works? If that doesn't work, then
> your X2Go installation (server, client, or both) is botched somehow, and
> the issue is independent of Kerberos.
I'm not sure if I got that right. If you're asking me to create another
user account (on the X2Go server) and attempt a regular X2Go login,
without kerberos, then yes, it does work fine with X2Go and SSH with
password authentication.
One thing that I noticed on the SSH Logs on the server is that the
failed X2Go kerberos authentication attemps are actually sucessfull but
disconnect IMMEDIATLY after being done. This does not happen with a
password based X2Go connection. Take a look:
> Jan 24 09:43:04 newhost sshd[10146]: Authorized to remoto, krb5 principal remoto at KERBEROS.COM (krb5_kuserok)
> Jan 24 09:43:04 newhost sshd[10146]: Accepted gssapi-with-mic for remoto from [CLIENT IP] port 33428 ssh2: remoto at KERBEROS.COM
> Jan 24 09:43:04 newhost sshd[10146]: pam_unix(sshd:session): session opened for user remoto by (uid=0)
> Jan 24 09:43:04 newhost systemd-logind[554]: New session 12 of user remoto.
> Jan 24 09:43:04 newhost sshd[10210]: Received disconnect from [CLIENT IP] port 33428:11: disconnected by user
> Jan 24 09:43:04 newhost sshd[10210]: Disconnected from user remoto [CLIENT IP] port 33428
> Jan 24 09:43:04 newhost sshd[10144]: dispatch_protocol_error: type 90 seq 3 [preauth]
> Jan 24 09:43:04 newhost sshd[10146]: pam_unix(sshd:session): session closed for user remoto
> Jan 24 09:43:04 newhost systemd-logind[554]: Removed session 12.
Could this be related to that socket error mentioned on the X2Go --debug
verbose?
Regards,
Rubens.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20190124/d8cefe54/attachment.html>
More information about the x2go-user
mailing list