OpenSSH with Kerberos, without PAM
Christian Pfaffel
flash at itp.tu-graz.ac.at
Mon Sep 6 02:23:22 EDT 2004
"Ryan B. Lynch" <rlynch at bway.net> writes:
> Hi,
>
> I'm wondering if it's possible to get OpenSSH authenticating via Kerberos
> WITHOUT using PAM.
>
> I was looking through the archives of the last couple months, specifically the
> discussions on OpenSSH and krb5, but I couldn't find any references to
> working setups that didn't use PAM. Google has a lot of information, but I
> haven't found anything dealing with the PAM question specifically. The docs
> are treating me similarly.
>
This applies to OpenSSH 3.8.1p1:
# cat /etc/ssh/sshd_config
...
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
...
# cat /etc/ssh/ssh_config
Protocol 2
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
See sshd_config(5) and ssh_config(5). Additionaly You need a
krb5.keytab entry for host/fqdn at domain at the host running sshd.
Regards,
Christian
--
Christian Pfaffel <flash at itp.tu-graz.ac.at>
Technische Universität Graz Telefon: +43 / 316 / 873 - 81 90
Institut für Theoretische Physik Telefax: +43 / 316 / 873 - 86 78
Petersgasse 16, A-8010 Graz http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg
More information about the Kerberos
mailing list