Versions Compared

Old Version 8

changes.mady.by.user Stefan Paetow

Saved on

compared with

New Version 9

changes.mady.by.user Stefan Paetow

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Numberedheadings

System Preparation

Installing the Kerberos GSSAPI client and server utility

RedHat, CentOS or Scientific Linux

On RedHat, CentOS or Scientific Linux, install the Kerberos GSSAPI utilities by running the following command (as root):

bash

Debian or Ubuntu

On Debian or Ubuntu, install the Kerberos GSSAPI utilities by running the following command (as root):

bash

Troubleshooting

To troubleshoot a GSSAPI connection, you require two separate terminals.

Terminal 1 - As root

  1. In the first terminal, as root, run the following command:

  2. You should now have the following output with no prompt:

Terminal 2 - As your test user

In an X environment

When you launch a terminal from X, e.g. a Gnome or KDE desktop session, the behaviour is different to a pure text environment. This is also the case when you use SSH to connect to a remote server and use display forwarding.

  1. In a second terminal, as your test user, run the following command:

    powershell

  2. You should now be prompted to select an identity in the . Choose one that will authenticate locally.

In a non-X

environment (and

environment

In a pure command-line environment with no display forwarding

)

available, the

identity is selected from

Moonshot Identity Selector is not available. Instead, you use the .gss_eap_id file

in the test user's home directory. Create this file

to test your environment.

  1. In the second terminal, as your test user, create the .gss_eap_id file in your home directory with the following content:

    In X, you should now be prompted to select an identity in the . Choose one that will authenticate locally.

    File naming

    Double-check the file name you use. Incorrect naming of the file is a common mistake. The file name is .gss_eap_id

  2. Then run the following command:

    powershell

GSS Output

After selecting your identity, you should now see output in both terminals.

Successful output

  1. In Terminal 1, the output should scroll rapidly with a lot of hex text before ending with something similar to the following:

  2. In Terminal 2, the output looks similar to the below (in this example, the hostname is debian7x64.localdomain):

Failed output

If the GSSAPI connection failed, you may see one or more errors in either window.

  1. In Terminal 1, you should see one or more messages similar to the below:

  2. In Terminal 2, you should see one or more error messages similar to the below:

Now you will need to diagnose why the error occurred.

Still under construction