Openssh, kerberos and Solaris 10
Erich Weiler
weiler at soe.ucsc.edu
Tue Aug 8 22:34:41 EDT 2006
Crud, I was hoping you wouldn't say that... :(
-erich
Will Fiveash wrote:
> On Tue, Aug 08, 2006 at 04:49:14PM -0700, Erich Weiler wrote:
>> Hi all-
>>
>> I'm not sure this is the correct place to post about this but I'm
>> getting no response over at OpenSSH.org, if there is a more appropriate
>> place to post please let me know... And the people at Sun scream at me
>> for even considering openssh when they supply their own version of SSH
>> which I'm not extremely fond of.
>>
>> Basically I'd like to compile OpenSSH with Kerberos support on Solaris
>> 10. Solaris 10 comes with SEAM, Sun's port of MIT Kerberos. SEAM works
>> great, no problem there. My problem is: Does anyone know how to
>> compile openssh on Solaris with native SEAM kerberos support? There is
>> a --with-kerberos=/dir compile time option with openssh but Sun doesn't
>> seem to have a single "directory" that they keep their kerberos
>> libraries in... Not even sure they have GSSAPI at all, maybe just GSS?
>> Does anyone have any hints on this, or has anyone ever done it? Or
>> maybe a better place to post?
>
> The Kerberos API was private in Solaris for a long time because there
> were concerns about stability of the interface. Use of the GSS-API (man
> libgss) was encouraged because this was deemed more stable and was
> described in standards docs. Things have changed and I believe Sun will
> be making the Kerberos lib API public in an upcoming Solaris 10 update.
> Still at this point on S10 you can't link an app directly to the Solaris
> Kerberos lib. Your options are to either get the MIT krb lib and link
> against that or use the native Solaris ssh which supports GSS/krb auth
> quite well (I'm using it now).
>
> Note you can search docs.sun.com for more info on GSS-API programming.