Solaris ssh pam krb "bad encryption type"

Jeffrey Hutzelman jhutz at
Tue Mar 28 18:12:04 EST 2006

On Tuesday, March 28, 2006 09:28:00 PM +0000 Fletcher Cocquyt 
<fcocquyt at> wrote:

> Can anyone advise how to proceed - whether Sun's pam_krb will work, or
> how to  get a pam_krb working from RedHat's source rpms?

1. Get simpler things to work first, like using PAM for login or su.

2. Then get Sun's ssh to work.  While it is possible to make OpenSSH do
   PAM almost-correctly, you are in for a certain amount of pain.  Sun
   has already done all of this for you and then some.

3. Then, if you're concerned Sun won't keep things up to date, build your
   own.  Personally, unless you have particular reasons for needing to
   do otherwise, I'd recommend sticking with Sun's ssh.

FWIW, a year or so ago I was strongly considering pulling Sun's ssh out of 
OpenSolaris and building it for our other platforms, rather than using 
stock OpenSSH.  I probably would have had to do a certain amount of porting 
work, but it still would have saved me a lot of time and effort. 
Unfortunately, there were some issues related to the OpenSolaris rollout 
which meant we couldn't get the code in time.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

More information about the krbdev mailing list