Forwarding Kerberos Credentials - SSH
Frank Cusack
fcusack at fcusack.com
Tue Jun 17 07:07:09 EDT 2003
On Tue, 17 Jun 2003 10:27:20 +0000 (UTC) paragg at konark.ncst.ernet.in ("Parag Godkar") wrote:
> 1. Do I have to compile openssh on all the linux servers after
> applying Simon Wilkinson's gss-api patch from -
> http://www.sxw.org.uk/computing/patches/openssh.html
Yes, if you want to use protocol 2. If you use protocol 1, you don't
need the patches. I highly recommend protocol 2 for Kerberos use.
> 2. When I tried to compile openssh-3.6.1p2 after applying the gss-api
> patch on a rhlinux 9 test server, I got the following warning on running
> configure ( ./configure --with-kerberos5=/usr/kerberos ) script -
Those errors are "normal".
> Running "make" and "make install" does not give any errors.
> However using the newly compiled ssh server, I am not able to login
> using kerberos credentials. Local users on the server are however
> able to login using shadow passwords.
You haven't described your setup well enough to get any help. (Other
than the above 2 questions, however you got them both right.) Most
importantly, you haven't described whether krb5 works at all.
Try /usr/kerberos/bin/telnet on your Linux machine and see if that works.
If not, the problem is in your krb5 setup, not openssh.
/fc
More information about the Kerberos
mailing list