Kerberos & OpenSSH+GSSAPI problem
Vladimir Terziev
vladimir.terziev at sun-fish.com
Thu Jan 30 05:07:44 EST 2003
Hi All,
I implement a Kerberos as authentication system. For the purpose I use MIT Kerberos v5, OpenSSH v3.4p1 and approriate GSSAPI patches for OpenSSH from http://www.sxw.org.uk/computing/patches/openssh.html .
Kerbelized sshd works fine and uses Kerberos tickets for authentication when the machine have single interface. But I have some multihomed machines which participate in different domains (respectively in different Kerberos realms). Sshd on these machines refuses to use my Kerberos tickes for authentication. I think this is because GSSAPI patches for OpenSSH use hostname for forming of Kerberos principals. I my case, with mulultihomed machines, hostname is different from the one or more of the interface names of the machine.
Does anybody have any idea how I can solve that nasty problem?
Regards,
Vladimir
More information about the Kerberos
mailing list