kerberos auth for ssh2

Kevin J Kalupson kjk137 at
Wed Jul 27 20:24:57 EDT 2005

I have a few of kerberos questions. Currently, users can log in to a 
particular server via ssh and using their kerberos password.

1)My main goal is to implement kerberos authentication for ssh via 
gssapi-with-mic.  I have found a lot web sites where people claim to 
have it working, but I have not experienced success yet.
To your knowledge, should this method now work with up to date 
installations of openssh and kerberos and using ssh2?

2)I am using PAM auth modules.  Currently, users can log in using their 
kerberos password.  If I am using PAM, do I need "extra" configuration 
so that pam will ok the user that passes a gssapi-with-mic ticket is 
authenticated, or does ssh forgo PAM when configured for gssapi-with-mic 
tickets as well.

3)Are there other options besides gssapi-with-mic for ssh2 login with a 
kerberos based ticket?

4)Does the kdc have to have special knowledge of the server that is 
requesting authentication for a user via a forwarded ticket or does the 
server making the request for this sort of auth simply just need to know 
how to ask?

Thank you,
I appreciate any help.

Kevin J Kalupson  * Programmer/Analyst
                  * Information Techhnology Services
                  * Teaching and Learning with Technology
                  * Pennsylvania State University
                  * 814-863-4590

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3236 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the krbdev mailing list