Kerberos + SSH question

Sebastian Hanigk hanigk at
Thu Jun 22 15:22:53 EDT 2006

none at nospam.none (Nod) writes:


>>To elaborate just a bit: Kerberos allows the server to believe that it is
>>talking to a particular Kerberos principal, which is a point in a
>>namespace entirely separate from the account space the host itself.  The
>>decision of what, if any, local resources to allow this principal access
>>to is a separate matter.  With SSH, you are asking for access to a
>>resource (account) that doesn't exist.  It doesn't matter who you're
>>authenticated as; there's nothing to give you.
> Well, this makes a lot more sense now. Would you happen to know where
> I could find a good guide for integrating LDAP with ssh? I've been
> over a bunch of them, and just keep getting more confused by LDAP the
> more I read.

you don't have to use LDAP for the accounts service; you can
authenticate via Kerberos and then use the /etc/passwd



More information about the Kerberos mailing list