Openssh and Kerberos
Simon Wilkinson
sxw at dcs.ed.ac.uk
Mon Mar 25 18:15:56 EST 2002
Suchun.Wu at bmo.com wrote:
: I just compiled SSH v3.1.0p1 with the GSSAPI and opnessh patches included
: on a Solaris 8 box. It works
: fine, well I get my password authenticated by the KDC on a W2K box. But I
: have
: remarked that my credential cache in /tmp directory is owned by the root.
: Is it correct?
Errm. No. The crendtials cache should be owned by you. I take it from your
description that you are authenticating by password to the SSH server.
Are you using PAM on Solaris? Is it possible that the Kerberos authentication
is being done by the pam_krb5 module?
Are you using MIT Kerberos or Heimdal? As far as I'm aware, the patches
for 3.1p1 and MIT Kerberos won't write out any credentials cache when you
authenticate by password. This is a bug which I'm investigating, but doesn't
explain your problem.
Cheers,
Simon.
More information about the Kerberos
mailing list