Kerberos + SSH question
Richard E. Silverman
res at qoxp.net
Mon Jun 19 11:09:25 EDT 2006
>>>>> "Nod" == Nod <none at nospam.none> writes:
Nod> I've currently got a Heimdal KDC set up for testing. From the
Nod> testing network, I can successfully get tickets via kinit, and ssh
Nod> with the ticket between servers. Now, I'm trying to get the
Nod> Windows desktop side working. Right now, I can authenticate
Nod> (using SecureCRT with Kerberos support) but only when I use kinit
Nod> from the Windows XP desktop. What I'm trying to do is get the
Nod> ssh server on the machine I'm accessing to carry out the kerberos
Nod> authentication, so I don't have to install kerberos software on
Nod> all our support staff's desktops, and put everyone's desktop in
Nod> the realm. Basically, ssh to the server with my kerberos
Nod> password, and have the server carry out the kerberos work for me.
So, you want to do two entirely different things. When you kinit on
Windows, you are using ticket-based authentication and you have
single-signon. Now, you do not want to use Kerberos on the clients; you
want to use password authentication (no single-signon), and have the SSH
server validate the password against Kerberos.
You have not said what SSH server you're using, or what server OS, or
indeed anything about the server at all. Assuming it's OpenSSH on Unix,
you can use this:
    PasswordAuthentication yes
    KerberosAuthentication yes
or, use keyboard-interactive authentication and configure PAM to use
Kerberos.
--
Richard Silverman
res at qoxp.net
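
Added example, not part of the original message: a shell check that tells apart the login paths the reply distinguishes (ticket-based, password validated against the KDC, keyboard-interactive via PAM) from the effective server configuration. It assumes OpenSSH, whose `sshd -T` prints one lowercase "option value" pair per line; the function name, labels and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): classify which
# Kerberos-capable login paths an OpenSSH server offers.
# Reads `sshd -T` style output on stdin. Typical use on the server, as root:
#   sshd -T | krb_ssh_modes
krb_ssh_modes() {
    awk '
        # Remember the last value seen for each option, case-insensitively.
        { opt[tolower($1)] = tolower($2) }
        END {
            # Older releases call keyboard-interactive "challenge-response".
            kbd = (opt["kbdinteractiveauthentication"] == "yes" || opt["challengeresponseauthentication"] == "yes")
            n = 0
            if (opt["gssapiauthentication"] == "yes") {
                print "ticket: client presents a Kerberos ticket (single sign-on)"
                n++
            }
            if (opt["passwordauthentication"] == "yes" && opt["kerberosauthentication"] == "yes") {
                print "password-krb5: sshd validates the typed password against the KDC"
                n++
            }
            if (kbd && opt["usepam"] == "yes") {
                print "kbdint-pam: password goes to PAM; Kerberos only if the PAM stack uses it"
                n++
            }
            if (n == 0) print "none: no Kerberos-capable login path enabled"
        }'
}

# Constructed sample input: the two settings suggested in the reply,
# with ticket-based (GSSAPI) and PAM logins switched off.
SAMPLE_REPLY_CONFIG='passwordauthentication yes
kerberosauthentication yes
gssapiauthentication no
usepam no'

printf '%s\n' "$SAMPLE_REPLY_CONFIG" | krb_ssh_modes
```

For the password-krb5 path, sshd_config(5) notes that the server needs a Kerberos servtab so that it can verify the KDC's identity when validating the password.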