Entry repeating in tomcat logs "Kerberos username [username]"

View some of the Frequently Asked Questions to our support staff. Included are some tips and tricks making this forum ideal for users getting started with GoAnywhere MFT. Note: Users can reply to existing topics but only our support staff can add new topics to this forum.
1 post Page 1 of 1

Support_Josh

User avatar
Posts: 12
Joined: Thu Feb 16, 2017 11:20 am

Post by Support_Josh » Thu Dec 06, 2018 4:06 pm
Question:
I am receiving a log entry that is repeating in my logs that is saying "Kerberos username [username]" multiple times. What is the cause of this and should I be worried about the entries?
Snippet:
Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username

Answer:
That entry is being generated from the SFTP Authentication method gssapi_with_mic. When it is supported by the server and GoAnywhere MFT has not explicitly disabled it, it may be chosen for authentication against the server which can produce the log entry"Kerberos username [username]" where [username] is the user starting GoAnywhere.

To resolve this, look for SSH servers that are being used repeatedly, most likely used on a Scheduler or a Monitor. Once you have tracked down repeating SSH connections, edit the problematic resource by navigating to Resources > SSH Servers page. Then inside the resource, navigate to the Algorithms tab and select all other algorithms except gssapi_with_mic and move them to the Selected column.
gssapy-with-mic.png
gssapy-with-mic.png (28.29 KiB) Viewed 5953 times
After editing, save the resource and exit. The next time the SSH connection happens, GoAnywhere won't attempt to use the gssapi_with_mic authentication method thus not producing the line. Repeat for all SSH connections that are producing the log entry.
Joshua Przybysz
Senior Support Analyst
e. [email protected]
p. 1.800.949.4696
w. HelpSystems.com
1 post Page 1 of 1