Problem: passwordless SSH-login with Kerberos doesn't work
Simon Wilkinson
simon at sxw.org.uk
Mon Jun 15 19:19:48 EDT 2009
>
> That's what sshd uses (probably through gethostname()) to determine
> what
> principal name to search for in the keytab.
My GSSAPI KeyExchange patches (at http://www.sxw.org.uk/computing/patches/openssh.html)
add support for a 'GSSAPIStrictAcceptorCheck' option, which can be
used to permit the use of any principal within the keytab. Debian,
like many other distributors, ship with that patch as standard.
Cheers,
Simon.
More information about the Kerberos
mailing list