Openssh, kerberos and Solaris 10

Erich Weiler weiler at
Tue Aug 8 22:34:41 EDT 2006

Crud, I was hoping you wouldn't say that...  :(


Will Fiveash wrote:
> On Tue, Aug 08, 2006 at 04:49:14PM -0700, Erich Weiler wrote:
>> Hi all-
>> I'm not sure this is the correct place to post about this but I'm 
>> getting no response over an, if there is a more appropriate 
>> place to post please let me know...  And the people at Sun scream at me 
>> for even considering openssh when they supply their own version of SSH 
>> which I'm not extremely fond of.
>> Basically I'd like to compile OpenSSH with Kerberos support on Solaris 
>> 10.  Solaris 10 comes with SEAM, Sun's port of MIT Kerberos.  SEAM works 
>> great, no problem there.  My problem is:  Does anyone know how to 
>> compile openssh on Solaris with native SEAM kerberos support?  There is 
>> a --with-kerberos=/dir compile time option with openssh but Sun doesn't 
>> seem the have a single "directory" that they keep their kerberos 
>> libraries in...  Not even sure they have GSSAPI at all, maybe just GSS? 
>>   Does anyone have any hints on this, or has anyone ever done it?  Or 
>> maybe a better place to post?
> The Kerberos API was private in Solaris for a long time because there
> were concerns about stability of the interface.  Use of the GSS-API (man
> libgss) was encouraged because this was deemed more stabled and was
> described in standards docs.  Things have changed and I believe Sun will
> be making the Kerberos lib API public in an upcoming Solaris 10 update.
> Still at this point on S10 you can't link an app directly to the Solaris
> Kerberos lib.  Your options are to either get the MIT krb lib and link
> against that or use the native Solaris ssh which supports GSS/krb auth
> quite well (I'm using now).
> Note you can search for more info on GSS-API programming.

More information about the Kerberos mailing list