SCIENTIFIC-LINUX-USERS Archives

January 2007

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
kerberos and ssh to fermilab
From:
Vinod Gupta <[log in to unmask]>
Reply To:
Vinod Gupta <[log in to unmask]>
Date:
Tue, 2 Jan 2007 23:24:18 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (28 lines) 
I tried to follow your instructions at: 
http://www-oss.fnal.gov/projects/fermilinux/common/kerberos.html, 
installed all the 8 rpms on a RHEL4 workstation at Princeton but ssh to 
Fermilab unix systems did not work. I am sure other people must have 
experienced similar problems. I would to share how I made it working and 
would welcome ideas to improve the steps:

a) All the three krb5 rpms installed fine but kinit -Af [log in to unmask] 
would not work until I opened all the ports from FNAL (131.225.0.0/16) 
network. I don't think we need to open all the ports, if you know 
precisely which ones please let me know.

b) When I installed all the openssh-*.SLF.*.rpm on my workstation, I was 
no longer able to ssh into my workstation using other RHEL-distributed 
ssh clients. I tried installing only openssh-clients SLF package but it 
failed due to dependency problems. I used --nodeps switch:
rpm -U --nodeps openssh-clients-3.9p1-8.SLF.4.18.i386.rpm
The package installed fine and seems to be working with existing 
RHEL-distributed dependent rpms. I had the impression that RHEL and FNAL 
ssh rpms install in their own sub-dirs and can co-exist, but apparently not.

Only after these variations from the doc in the above referred webpage, 
kinit worked and I could ssh to FNAL Unix systems without 
password/cryptocard.

Vinod
Princeton

ATOM RSS1 RSS2