Openssh, kerberos and Solaris 10

Erich Weiler weiler at soe.ucsc.edu
Wed Aug 9 11:24:22 EDT 2006


> With OpenSSH-4.1 at least ssh_gssapi_krb5_storecreds and
> ssh_gssapi_krb5_userok make krb5 API calls as gss never had a simple
> authz function or a way to save the delegated creds.
> 
> Solaris 10's sshd uses PAM to do these. OpenSSH should look at that
> approach too, then it would not need Kerberos-specific code either.

The main reason I need to compile OpenSSH with krb5 is because the way I 
have it working currently, OpenSSH using PAM, does not _forward_ 
krb5 creds when SSHing to another machine.  I have seen OpenSSH using 
GSS-API auth forward creds successfully, but not using Solaris PAM... 
Unless someone knows of a way I can forward Kerberos TGTs using Solaris PAM?

-erich


