Aw: Kerberized SSH on Solaris 8

Austin Gonyou austin at coremetrics.com
Fri May 17 15:18:10 EDT 2002


That is not entirely true. You should be able to use ticket passing on
that platform as well, provided you have full krb5 support in SSH (pref.
OpenSSH). There are instances, though, when utilizing pam + krb, where
using incorrect options or pam modules in the incorrect order, etc., will
force you to log in with username and password, though still
authenticating you to the KDC.

So as for passing TGS info to that system, depending on how your
sshd-pam module is set up, it can be good or bad. While on the box,
though, you can SSH to another box, if set up properly with ssh and
Kerberos, and it should allow you to log in by ticket passing alone.

In our environment it was a lot of trial and error, so this is my
experience with it so far.

On Fri, 2002-05-17 at 03:24, Klaas Hagemann wrote:
>  Hi,
> 
>  I am not familiar with Solaris, but as far as I understood it you will not
>  be able to get ticket based authentication by simply using pam_krb5 within
>  SSH.
>  pam_krb5 allows you to check your password against Kerberos and to get a tgt
>  at login. So if you use pam_krb5 in ssh and log in by ssh
>  you will have to enter username and password and then you will get a tgt.
> 
>  Klaas
>  ----- Original Message -----
> > From: "Marc" <syn_uw at NOSPAM_hotmail.com>
> > To: <kerberos at mit.edu>
> > Sent: Friday, May 17, 2002 9:57 AM
> > Subject: Kerberized SSH on Solaris 8
> >
> >
> > > Hello,
> > >
> > > What method would you recommend to enable Kerberos 5 in SSH on a
> > > Solaris 8? Simply use pam_krb5 within PAM?
> > >
> > > Regards
> > >
> > > ________________________________________________
> > > Kerberos mailing list           Kerberos at mit.edu
> > > http://mailman.mit.edu/mailman/listinfo/kerberos
> >
> 
-- 
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com

"One ought never to turn one's back on a threatened danger and 
try to run away from it. If you do that, you will double the danger. 
But if you meet it promptly and without flinching, you will 
reduce the danger by half."
Sir Winston Churchill