Openssh, kerberos and Solaris 10

Jeffrey Hutzelman jhutz at
Wed Aug 9 17:56:49 EDT 2006

On Wednesday, August 09, 2006 02:55:05 PM -0500 "Douglas E. Engert" 
<deengert at> wrote:

>> __gss_userok() is not; should it be?
> I would say yes. Every service needs to do this, and use the GSS creds
> to test if it can use the local resource. So it in that regards it is
> generic.

Actually, many services don't need to do this.  An SSH server may want a 
machenism-independent "userok" API to determine whether to allow access to 
a local account, but lots of services have nothing to do with local 

More information about the Kerberos mailing list