Openssh, kerberos and Solaris 10
Nicolas Williams
Nicolas.Williams at sun.com
Wed Aug 9 12:56:07 EDT 2006
On Wed, Aug 09, 2006 at 09:36:30AM -0700, Erich Weiler wrote:
> I am getting credentials through PAM. That much is working. My
> problem, very specifically, is that:
>
> 1: I want SSH to automatically forward my krb5 credentials when I SSH
> into another machine using public keys.
This makes no sense. Why use public key authentication when you have
Kerberos V?
> 2: I don't want to use Sun SSH; I would rather use OpenSSH. The reasons
> for this are not applicable to this discussion.
I thought they were. You seemed to think that SUNWssh didn't support
something that it does support.
> 3: OpenSSH can't forward Kerberos credentials without actually being
> compiled against some sort of GSS-API, which I can't seem to do under
> Solaris.
OpenSSH wants to use non-GSS-API, krb5 API functions that Solaris has
not made public until recent OpenSolaris builds and, I think, the latest
S10 update.
In any case, the OpenSSH autoconf scripts (configure.ac) probably don't
know how to find the Solaris GSS-API library and header files. That
would be a bug/missing feature in OpenSSH.
Nico
--
More information about the Kerberos
mailing list