Forwarding Kerberos Credentials - SSH

Frank Cusack fcusack at
Tue Jun 17 07:07:09 EDT 2003

On Tue, 17 Jun 2003 10:27:20 +0000 (UTC) paragg at ("Parag Godkar") wrote:
> 1. Do I have to  compile openssh on all the  linux servers after
>     applying Simon Wilkinson's gss-api patch from -

Yes, if you want to use protocol 2.  If you use protocol 1, you don't
need the patches.  I highly recommend protocol 2 for Kerberos use.

> 2. When I tried to compile openssh-3.6.1p2 after applying the gss-api
>     patch on a rhlinux 9 test server, I got the following warning on running 
>     configure ( ./configure --with-kerberos5=/usr/kerberos ) script -

Those errors are "normal".

> Running "make" and "make install" does not give any errors.
> However using the newly compiled ssh server, I am not able to login 
> using kerberos credentials. Local users on the server are however
> able to login using shadow passwords.

You haven't described your setup well enough to get any help.  (Other
than the above 2 questions, however you got them both right.)  Most
importantly, you haven't described whether krb5 works at all.

Try /usr/kerberos/bin/telnet on your Linux machine and see if that works.
If not, the problem is in your krb5 setup, not openssh.


More information about the Kerberos mailing list