Openssh, kerberos and Solaris 10

Will Fiveash William.Fiveash at sun.com
Tue Aug 8 22:17:38 EDT 2006


On Tue, Aug 08, 2006 at 04:49:14PM -0700, Erich Weiler wrote:
> Hi all-
> 
> I'm not sure this is the correct place to post about this but I'm 
> getting no response over at OpenSSH.org, if there is a more appropriate 
> place to post please let me know...  And the people at Sun scream at me 
> for even considering openssh when they supply their own version of SSH 
> which I'm not extremely fond of.
> 
> Basically I'd like to compile OpenSSH with Kerberos support on Solaris 
> 10.  Solaris 10 comes with SEAM, Sun's port of MIT Kerberos.  SEAM works 
> great, no problem there.  My problem is:  Does anyone know how to 
> compile openssh on Solaris with native SEAM kerberos support?  There is 
> a --with-kerberos=/dir compile time option with openssh but Sun doesn't 
> seem to have a single "directory" that they keep their kerberos 
> libraries in...  Not even sure they have GSSAPI at all, maybe just GSS? 
>   Does anyone have any hints on this, or has anyone ever done it?  Or 
> maybe a better place to post?

The Kerberos API was private in Solaris for a long time because there
were concerns about stability of the interface.  Use of the GSS-API (man
libgss) was encouraged because this was deemed more stable and was
described in standards docs.  Things have changed and I believe Sun will
be making the Kerberos lib API public in an upcoming Solaris 10 update.
Still at this point on S10 you can't link an app directly to the Solaris
Kerberos lib.  Your options are to either get the MIT krb lib and link
against that or use the native Solaris ssh which supports GSS/krb auth
quite well (I'm using it now).

Note you can search docs.sun.com for more info on GSS-API programming.

-- 
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
