OpenSSH and Kerberos Questions
Joe Odenweller
joe_odenweller at hotmail.com
Tue Nov 16 10:26:38 EST 2004
I am attempting to put together an implementation of Kerberos 5 and
OpenSSH 3.8.1p1 and have question as wether I am doing it correctly.
My first step was getting Kerberos 5 operational on all the systems
involved and setting up integrated logins. Credentials are created
for host/<hostname>@<REALMNAME>, and <username>@<REALMNAME>. For the
affected accounts this allow me to keep login passwords in Kerberos
and once logged in the system has already done a kinit <username>.
My next step is to install OpenSSH 3.8.1p1 (IBM distribution) and set
parameters:
/etc/ssh/ssh_config: (on source/client)
host *
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
/etc/ssh/sshd_config: (on target/server)
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
At this point I do not have forwardable credentials. I can
successfully ssh from source to target but a klist on the target shows
no credentials. Next, back on the source/client I redo my kinit with
-f. I then do a ssh to the server/target. The session setup appears
nearly complete (observed via -vvv and -ddd ) when the session is torn
down.
My question, have I missed any setting?
More information about the Kerberos
mailing list