krb5_sname_to_principal or LDAP/SASL/GSSAPI and reverse DNS
Neulinger, Nathan
nneul at umr.edu
Wed Apr 9 11:01:29 EDT 2003
If the ssh server were bound specifically to the interface with the
cluster address instead of to 0.0.0.0, do you think that would help any?
------------------------------------------------------------
Nathan Neulinger EMail: nneul at umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
> -----Original Message-----
> From: Matt Crawford [mailto:crawdad at fnal.gov]
> Sent: Wednesday, April 09, 2003 9:41 AM
> To: Neulinger, Nathan
> Cc: John Hascall; krbdev; Sam Hartman
> Subject: Re: krb5_sname_to_principal or LDAP/SASL/GSSAPI and
> reverse DNS
>
>
> > SSH w/ gssapi forwarding does not work... On the server side, it
> > complains about misc failure, wrong principal in request, got no
> > client creds, then closes the connection.
>
> It's tough to write a GSS service in a way that will accept whatever
> valid service name the client may call it by. The straightforward
> approach chooses the service's name before getting any token from the
> client.
>
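
The mismatch described in the quoted reply above, as an added example that is not part of the original messages and is not MIT krb5 or OpenSSH code: a toy Python model in which the acceptor fixes its service name from its own hostname before seeing any token, next to an acceptor that looks up the key by the name carried in the ticket. The hostnames, addresses, realm, keytab contents and function names are all constructed assumptions.

```python
# Toy model of acceptor name selection; not MIT krb5 or OpenSSH code.
# All hostnames, addresses and the realm are constructed for illustration.
REALM = "EXAMPLE.EDU"
FORWARD = {"cluster.example.edu": "192.0.2.10",   # shared cluster address
           "node1.example.edu": "192.0.2.11"}     # node's own address
REVERSE = {"192.0.2.10": "cluster.example.edu",
           "192.0.2.11": "node1.example.edu"}


def sname_to_principal(service, hostname):
    """Model of host-based canonicalization: forward lookup, then reverse."""
    addr = FORWARD[hostname.lower()]
    canon = REVERSE.get(addr, hostname).lower()
    return f"{service}/{canon}@{REALM}"


class WrongPrincipal(Exception):
    """Stands in for the 'wrong principal in request' failure."""


def accept_pinned(ticket_server, keytab, own_hostname):
    """Straightforward acceptor: name is fixed before any token is seen."""
    expected = sname_to_principal("host", own_hostname)
    if ticket_server != expected:
        raise WrongPrincipal(f"expected {expected}, got {ticket_server}")
    return keytab[expected]


def accept_any_in_keytab(ticket_server, keytab):
    """Alternative: look up the key by the name carried in the ticket.
    The keytab contents then define which names the service answers to."""
    if ticket_server not in keytab:
        raise WrongPrincipal(f"no key for {ticket_server}")
    return keytab[ticket_server]


def demo():
    keytab = {"host/node1.example.edu@EXAMPLE.EDU": "key-node1",
              "host/cluster.example.edu@EXAMPLE.EDU": "key-cluster"}
    # Client connects to the cluster name and requests a ticket for it.
    ticket = sname_to_principal("host", "cluster.example.edu")
    try:
        accept_pinned(ticket, keytab, "node1.example.edu")
        pinned = "accepted"
    except WrongPrincipal as exc:
        pinned = f"rejected: {exc}"
    return ticket, pinned, accept_any_in_keytab(ticket, keytab)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

With the second acceptor, the set of principals in the keytab is what bounds the names the service will answer to, so the keytab should hold only names that host is meant to serve.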