NewBie Problem with SSH Single Sign on

fjauernig@gmx.de fjauernig at gmx.de
Wed May 28 10:53:46 EDT 2003


Hallo all,

I'm pretty new in kerberos, and I have some problems setting up a ssh single
sign on.

What I have:
SuSe 8.2 with Heimdal Kerberos and Openssh
Kerberos athentication is working. I can kinit against the kdc which gives
me a tgt
The pam_krb5 module is working, so I can achieve a tgt during login prozess.

What I would like to have...
When I login, and get my tgt, I would like to ssh to another host without a
need to reenter my password.

Of course I tried hard (as far as I know), to Implement this single sign on.
I edited the /etc/ssh/sshd_config, adding kerberos support, and I added
principals for both the host, and the user who should use the system. I then
exported the keytab from kadmin and copied and merged it to the keytab on the
host from which I want to ssh.

But when I trie to ssh -l user to the kdc, I alway get the message
"Permission Denied"

Does anyone has a glue where to start? Its good possible, that I would like
to have something which isn't possible the way I like to implement this.

Thanks so far

Florian



More information about the Kerberos mailing list