OpenSSH won't store credentials

Srinivas Cheruku csri at sonata-software.com
Tue Mar 26 23:15:23 EST 2002


Hi,

Can anyone explain me 
How is it different from using OpenSSH with GSSAPI with and without Pam
support?
I saw people recommending using PAM. I am new to PAM and where can i get
PAM_KRB5 module.

If we have compiled OpenSSH with PAM and Kerberos5, then will the PAM_Module
get the service ticket and delegate the credentials to the secure shell. If
it is so, then what will the Simon's patch do? If the pam-module is not
delegating or authenticating then what is it doing??

Thanks in Advance.
Srini

-----Original Message-----
From: sxw at dcs.ed.ac.uk [mailto:sxw at dcs.ed.ac.uk]
Sent: 27 March 2002 00:57
To: kerberos at mit.edu
Subject: Re: OpenSSH won't store credentials


Nicolas Williams (Nicolas.Williams at ubsw.com) wrote:

: auth_krb5_password() seems to have a bug in that it tries to
: krb5_cc_resolve() 'MEMORY:'. That's not a valid ccache name in MIT krb5.

: 'MEMORY:foobar' should work.

I believe that it should really be using a file based ccache, rather than
a memory one - it just needs to wait until after its check that the user
is OK before using it.

I've updated the patch at
http://www.sxw.org.uk/computing/patches/openssh.html
to address this, and a number of other minor issues.

Cheers,

Simon.
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
http://mailman.mit.edu/mailman/listinfo/kerberos
*********************************************************************
Disclaimer: The information in this e-mail and any attachments is
confidential / privileged. It is intended solely for the addressee or
addressees. If you are not the addressee indicated in this message, you may
not copy or deliver this message to anyone. In such case, you should destroy
this message and kindly notify the sender by reply email. Please advise
immediately if you or your employer does not consent to Internet email for
messages of this kind.
*********************************************************************



More information about the Kerberos mailing list