Kerberos And Openssh 3.8p1 single sign-on
Sonny Zambrana
sonnyjz at isc.upenn.edu
Tue Apr 13 18:46:09 EDT 2004
Hello,
I have been trying to get openssh to work with kerberos using single sign-on
(ticket forwarding) and have been unsuccesful at it. I have been able to
successfully compile openssh-3.8.1p1 and build it against kerberos libraries.
I am able to use a kerberized telnet and ftp daemon and authenticate and use
single sign-on on the server without any problems. I am also able to use the
openssh implementation authorizing through kerberos.
Openssh does not allow me to use single-signon (ticket forwarding). I've
looked around and have seen patches by Simon, (no patches for 3.8.p1) all
over the place. I have also seen the dev newsgroup and believe that this
version should be able to allow single sign-on using ssh2. . I was
wondering if anyone could lead me in the proper direction to a howto or tell
me what I am doing wrong.
Finally if you don't mind, please take a look at my sshd configuration:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Kerberos options
KerberosAuthentication yes
KerberosOrLocalPasswd no
KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
Thank you for taking the time to read through this.
More information about the Kerberos
mailing list