Entry repeating in tomcat logs "Kerberos username [username]"
Posted: Thu Dec 06, 2018 4:06 pm
Question:
I am receiving a log entry that is repeating in my logs that is saying "Kerberos username [username]" multiple times. What is the cause of this and should I be worried about the entries?
Snippet:
Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username
Answer:
That entry is being generated from the SFTP Authentication method gssapi_with_mic. When it is supported by the server and GoAnywhere MFT has not explicitly disabled it, it may be chosen for authentication against the server which can produce the log entry"Kerberos username [username]" where [username] is the user starting GoAnywhere.
To resolve this, look for SSH servers that are being used repeatedly, most likely used on a Scheduler or a Monitor. Once you have tracked down repeating SSH connections, edit the problematic resource by navigating to Resources > SSH Servers page. Then inside the resource, navigate to the Algorithms tab and select all other algorithms except gssapi_with_mic and move them to the Selected column.
After editing, save the resource and exit. The next time the SSH connection happens, GoAnywhere won't attempt to use the gssapi_with_mic authentication method thus not producing the line. Repeat for all SSH connections that are producing the log entry.
I am receiving a log entry that is repeating in my logs that is saying "Kerberos username [username]" multiple times. What is the cause of this and should I be worried about the entries?
Snippet:
Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username [username]: Kerberos username
Answer:
That entry is being generated from the SFTP Authentication method gssapi_with_mic. When it is supported by the server and GoAnywhere MFT has not explicitly disabled it, it may be chosen for authentication against the server which can produce the log entry"Kerberos username [username]" where [username] is the user starting GoAnywhere.
To resolve this, look for SSH servers that are being used repeatedly, most likely used on a Scheduler or a Monitor. Once you have tracked down repeating SSH connections, edit the problematic resource by navigating to Resources > SSH Servers page. Then inside the resource, navigate to the Algorithms tab and select all other algorithms except gssapi_with_mic and move them to the Selected column.
gssapy-with-mic.png (28.29 KiB) Viewed 5998 times