Kerberos V5 integration

Simon Wilkinson sxw at dcs.ed.ac.uk
Sun May 21 00:21:27 EST 2000


Hi,

This is just a quick note to let people know that I've _almost_ got
Kerberos V5 working based on the patches posted to this list. I'm
currently at the stage where Kerberos principals can be used to verify
logins (i.e. Kerberos credentials are correctly passed), but I haven't
(yet) got ticket forwarding to work - this is the next step!

I've taken the original patches and updated them to the OpenSSH portable
2.1.0 release, replaced the calls to Heimdal-specific routines, so it
builds with the MIT libraries as well, and bug fixed a number of problems
with the code. In particular anyone using the original patches should be 
careful that it doesn't check that a given principal can access a given 
local username, so allowing anyone with a valid principal for a domain
to use -l to become any user.

I'll send some patches once I've got the TGT passing working.

Cheers,

Simon
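
The missing check described in the message above, as an added example that is not part of the original post or of the patches it discusses: a simplified, self-contained C model of the principal-to-local-user authorization that a krb5_kuserok()-style check performs, next to the behaviour the post warns about. The function names, realm and account names are hypothetical, and the sample data is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample ACL, standing in for the target account's .k5login. */
static const char *const sample_acl[] = { "alice@EXAMPLE.ORG" };

/* Behaviour the post warns about: a valid ticket is enough, and the
 * requested local user (ssh -l) is never compared with the principal. */
static int allow_without_mapping(int ticket_valid, const char *principal,
                                 const char *luser)
{
    (void)principal; (void)luser;
    return ticket_valid;
}

/* Simplified model of the authorization step (assumption: not library code).
 * k5login == NULL means the target account has no .k5login file. */
static int allow_with_mapping(int ticket_valid, const char *principal,
                              const char *luser, const char *local_realm,
                              const char *const *k5login, size_t n)
{
    if (!ticket_valid || !principal || !luser || !*luser)
        return 0;
    if (k5login != NULL) {            /* explicit ACL: exact match only */
        for (size_t i = 0; i < n; i++)
            if (strcmp(k5login[i], principal) == 0)
                return 1;
        return 0;
    }
    /* No ACL: principal must be exactly "<luser>@<local_realm>". */
    const char *at = strrchr(principal, '@');
    if (at == NULL || strcmp(at + 1, local_realm) != 0)
        return 0;
    size_t len = (size_t)(at - principal);
    return len == strlen(luser) && strncmp(principal, luser, len) == 0;
}

int main(void)
{
    const char *p = "alice@EXAMPLE.ORG", *r = "EXAMPLE.ORG";
    printf("unchecked alice->root : %d\n", allow_without_mapping(1, p, "root"));
    printf("checked   alice->root : %d\n", allow_with_mapping(1, p, "root", r, NULL, 0));
    printf("checked   alice->alice: %d\n", allow_with_mapping(1, p, "alice", r, NULL, 0));
    printf("k5login   alice->www  : %d\n", allow_with_mapping(1, p, "www", r, sample_acl, 1));
    return 0;
}
```
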




