Our setup (which has worked great until a few weeks ago) is: * Windows Active Directory for LDAP and Kerberos * Clusters using Scientific Linux 4.2 * Workstations using Fedora Core 4/5 In the last couple of weeks we've seen some strange behavior. Some accounts (generally the older user accounts) are continuing to work fine. But newer accounts are no longer able to connect to any of the SL 4.2 clusters. At first I thought it was a kerberos issue, but I've been unable to find anything to point at a kerberos/LDAP problem. As far as I can tell, there is no significant difference between newer and older accounts within the LDAP directory. sshd hangs when attempting to exchange the public key. I've started sshd in debug mode with: [root@edna pam.d]# /usr/sbin/sshd -p 48000 -ddd then connected from a workstation using a "bad" account with this command: griznog@danaus ~ $ ssh -vvv -p 48000 markm@edna The sshd session logs these lines as the last bit of output before hanging: debug3: fd 4 is not O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 7 config len 331 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 the ssh session connecting has this to say: debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug2: we did not send a packet, disable method debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/griznog/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply To muddy the water some more, trying to 'su - baduser' behaves similarly, the su command hangs but it waits until something times out then succeeds. The problem doesn't exist on our FC5 workstations, either with su or ssh. If someone has any clues as to what might cause this or can provide some pointers to use while troubleshooting, I'd be grateful. Thanks, jbh John Hanks Utah State University