Kerberos And Openssh 3.8p1 single sign-on

Sonny Zambrana sonnyjz at isc.upenn.edu
Tue Apr 13 18:46:09 EDT 2004


Hello,

I have been trying to get openssh to work with kerberos using single sign-on 
(ticket forwarding) and have been unsuccesful at it.  I have been able to 
successfully compile openssh-3.8.1p1 and build it against kerberos libraries. 
 I am able to use a kerberized telnet and ftp daemon and authenticate and use 
single sign-on on the server without any problems.  I am also able to use the 
openssh implementation authorizing through kerberos. 

Openssh does not allow me to use single-signon (ticket forwarding).  I've 
looked around and have seen patches by Simon, (no patches for 3.8.p1) all 
over the place.  I have also seen the dev newsgroup and believe that this 
version should be able to allow single sign-on using ssh2.  .  I was 
wondering if anyone could lead me in the proper direction to a howto or tell 
me what I am doing wrong. 

Finally if you don't mind, please take a look at my sshd configuration:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Kerberos options
KerberosAuthentication yes
KerberosOrLocalPasswd no
KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

Thank you for taking the time to read through this.



More information about the Kerberos mailing list