Openssh, kerberos and Solaris 10

Erich Weiler weiler at
Wed Aug 9 11:24:22 EDT 2006

> With OpenSSH-4.1 at least ssh_gssapi_krb5_storecreds and
> ssh_gssapi_krb5_userok make krb5 API calls as gss never had a simple
> authz function or a way to save the delegated creds.
> Solaris 10's sshd uses PAM, to do these. OpenSSH should look at that
> approach too, then it would not need Kerberos specific code either.

The main reason I need to compile OpenSSH with krb5 is because the way I 
have it working currently, OpenSSH using PAM, does not does _forward_ 
krb5 creds when SSHing to another machine.  I have seen OpenSSH using 
GSS-API auth forward creds successfully, but not using Solaris PAM... 
Unless someone knows of a way I can forward kerberos TGTs using Solaris PAM?


More information about the Kerberos mailing list