Openssh, kerberos and Solaris 10
Nicolas Williams
Nicolas.Williams at sun.com
Wed Aug 9 15:30:45 EDT 2006
On Wed, Aug 09, 2006 at 02:26:57PM -0500, Douglas E. Engert wrote:
>
>
> Nicolas Williams wrote:
>
> >On Wed, Aug 09, 2006 at 09:52:51AM -0500, Douglas E. Engert wrote:
> >
> >>Markus Moeller wrote:
> >>
> >>>There shouldn't be the need of compiling openssh with Kerberos as the
> >>>Solaris 10 version supports GSSAPI authentication.
> >>
> >>Yes and no. Until you want to store the delegated credential or do a
> >>krb5_userok test.
> >
> >
> >Solaris' sshd does this using __gss_userok() and gss_store_cred().
>
> Good, and that was what I was trying to the kerberos working group
> interested in before Kitten was started.
gss_store_cred() is a KITTEN WG work item.
__gss_userok() is not; should it be? It depends on a notion of "user
account," and so it's rather not so generic. But we could have an
individual submission draft targetting Informational status for
"gss_userok()"... Comments?
More information about the Kerberos
mailing list