~~Using Kerberos tickets for ssh ~~
Richard E. Silverman
res at qoxp.net
Wed Mar 8 21:17:12 EST 2006
>>>>> "LI" == Logarajan <logarajan at riskspan.com> writes:
LI> Hi, I have set up a Kerberos Server. I have created user
LI> principals on the server. I am able to get the tickets for the
LI> user from the KDC. I want to use this tickets for ssh and other
LI> logins. Can anyone help me on the same, how to configure SSH to
LI> use this tickets for authentication.
The main OpenSSH supports user authentication via GSS/Kerberos. Roughly:
- Make sure the server has a host principal (host/<fqdn>@REALM) and that
key is in the server's keytab (usually /etc/krb5.keytab).
- configure server:
GSSAPIAuthentication yes
- configure client:
GSSAPIAuthentication yes
PreferredAuthentications gssapi-with-mic,gssapi,...
- Try it.
Server authentication can be kerberized as well; the Debian ssh-krb5
package has this, as well as OpenSSH with the following patch:
http://www.sxw.org.uk/computing/patches/openssh.html
For this, additionally
--
Richard Silverman
res at qoxp.net
More information about the Kerberos
mailing list