Kerberos + SSH question
Sebastian Hanigk
hanigk at in.tum.de
Thu Jun 22 15:22:53 EDT 2006
none at nospam.none (Nod) writes:
Hello,
>>To elaborate just a bit: Kerberos allows the server to believe that it is
>>talking to a particular Kerberos principal, which is a point in a
>>namespace entirely separate from the account space the host itself. The
>>decision of what, if any, local resources to allow this principal access
>>to is a separate matter. With SSH, you are asking for access to a
>>resource (account) that doesn't exist. It doesn't matter who you're
>>authenticated as; there's nothing to give you.
>
> Well, this makes a lot more sense now. Would you happen to know where
> I could find a good guide for integrating LDAP with ssh? I've been
> over a bunch of them, and just keep getting more confused by LDAP the
> more I read.
you don't have to use LDAP for the accounts service; you can
authenticate via Kerberos and then use the /etc/passwd
Regards,
Sebastian
More information about the Kerberos
mailing list