SSH and Kerberos

asch337

I have 2 servers (lft1 and lft3) running AIX 5.3 ML 5. Both are installed with krb5.client.rte 1.4.0.4 and openssh.base.server 4.3.0.5300.

I have configured some of the users on both servers to authenticate against our Windows 2003 Active Directory. I can use telnet to log in successfully to either server with these users. On the server lft3, I can ssh to the server using one of these users, but on lft1, I cannot. I get "access denied". To test that sshd is working correctly on lft1, I created a new user authenticated locally on lft1. I was able to log in successfully with this new user on lft1 using ssh.

The files /etc/krb5/krb5.conf and /etc/ssh/sshd_config are the same on both servers.

Any advice on how to resolve this problem?
 
Just to clarify, from my PC, I can ssh to lft3 successfully. But, from my PC, I cannot ssh to lft1 with a user authenticated against Active Directory. I can ssh successfully to lft1 with a user that is authenticated against lft1.
 
There are some files on lft3 (the server that I can ssh to) that do not exist on lft1.
/usr/lib/security/KRB5A.ibm
/usr/lib/security/KRB5A_64.ibm
/usr/lib/security/KRB5_64.ibm
/usr/lib/security/methods.cfg.ibm

I tried copying these files from lft3 to lft1, but I still can't ssh to lft1.

Anyone know what the *ibm files are used for?
 