Openssh, kerberos and Solaris 10

Nicolas Williams Nicolas.Williams at
Wed Aug 9 12:56:07 EDT 2006

On Wed, Aug 09, 2006 at 09:36:30AM -0700, Erich Weiler wrote:
> I am getting credentials through PAM.  That much is working.  My 
> problem, very specifically, is that:
> 1: I want SSH to automatically forward my krb5 credentials when I SSH 
> into another machine using public keys.

This makes no sense.  Why use public key authentication when you have
Kerberos V?

> 2: I don't want to use Sun SSH; I would rather use OpenSSH.  The reasons 
> for this are not applicable to this discussion.

I thought they were.  You seemed to think that SUNWssh didn't support
something that it does support.

> 3: OpenSSH can't forward Kerberos credentials without actually being 
> compiled against some sort of GSS-API, which I can't seem to do under 
> Solaris.

OpenSSH wants to use non-GSS-API, krb5 API functions that Solaris has
not made public until recent OpenSolaris builds and, I think, the latest
S10 update.

In any case, the OpenSSH autoconf scripts ( probably don't
know how to find the Solaris GSS-API library and header files.  That
would be a bug/missing feature in OpenSSH.


More information about the Kerberos mailing list