Openssh and Kerberos

Someone please at nospam.net
Tue Mar 26 02:17:10 EST 2002


Simon Wilkinson wrote:

> Suchun.Wu at bmo.com wrote:
> : I just compiled SSH v3.1.0p1 with the GSSAPI and opnessh patches included
> : on a Solaris 8 box. It works
> : fine, well I get my password authenticated by the KDC on a W2K box. But I
> : have
> : remarked that my credential cache in /tmp directory is owned by the root.
> : Is it correct?
> 
> Errm. No. The crendtials cache should be owned by you. I take it from your
> description that you are authenticating by password to the SSH server.
> 
> Are you using PAM on Solaris? Is it possible that the Kerberos authentication
> is being done by the pam_krb5 module?
> 
> Are you using MIT Kerberos or Heimdal? As far as I'm aware, the patches
> for 3.1p1 and MIT Kerberos won't write out any credentials cache when you
> authenticate by password. This is a bug which I'm investigating, but doesn't
> explain your problem.


I just wanted to add that it's great that you are working on this bug, 
if you need any beta testers let me know, I would be pleased to test.

Regards




More information about the Kerberos mailing list