OpenSSH 3.7, kerberos thru pam
Donn Cave
donn at drizzle.com
Fri Feb 13 00:12:48 EST 2004
Quoth apseyed at bu.edu (Patrice Seyed):
| I'm running openssh-3.7.1p1, /etc/pam.d/authconfig is syntactically
| correct regarding pam_kerb5.so, and /etc/krb5.conf and /etc/krb.conf are a
| pristine working config from another linux system. (oh running
| 2.4.21-4.0.1.ELsmp also here).
|
| so kerberos will only work/authenticate properly with this setup when i
| uncomment in
| /etc/ssh/sshd_config:
| KerberosAuthentication yes
Yes.
| i think is the mechanism for going around PAM though.
Yes.
As I understand it, PAM is not Kerberos authentication in the sense
that your ssh client uses your local credentials to get a service ticket
for the remote sshd. Rather, it is password authentication - your
password goes across the wire to the remote sshd - where the Kerberos
module acts as a proxy client+server to validate the password.
Donn Cave, donn at drizzle.com
More information about the Kerberos
mailing list