OpenSSH won't store credentials
Simon Wilkinson
sxw at dcs.ed.ac.uk
Sat Mar 23 10:58:03 EST 2002
Nicolas Williams (Nicolas.Williams at ubsw.com) wrote:
: Yes, it's possible, and you don't need Simon's OpenSSH/GSS patches to do
: this. IIRC OpenSSH has this as a builtin feature (you may need Simon's
: OpenSSH MIT/Heimdal compat patches for that to work).
You will. There's also a bug that I've just discovered in the most recent
patch that stops it from working (the user's credentials go into a
memory ccache which is never copied onto the file system). I'm currently
testing a fix.
: But you can also
: use OpenSSH with PAM and a PAM_KRB5 module, if you have PAM (and a
: suitable PAM_KRB5 module).
I'd strongly recommend using PAM if you can.
Cheers,
Simon.
More information about the Kerberos
mailing list