ssh-krb5 problems
Douglas E. Engert
deengert at anl.gov
Wed Sep 22 10:07:04 EDT 2004
Ken Raeburn wrote:
> On Sep 21, 2004, at 17:29, rachel elizabeth dillon wrote:
>
>> 1. Are you trying to ssh as a user that exists on the other machine?
>> If the user does not exist in the other machine's /etc/passwd, then
>> I don't believe the KDC will ever be queried.
>
>
> That sounds like an undesirable leak of information from the server, if
> that's true.
>
Yes, looks like OpenSSH-3.9 in auth_gssapi.c in user_auth_gssapi test
if(!authctxt->valid ||...
and returns if not a valid local ID.
> Ken
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list