PATCH: Kerberos password authentication w/o KDC verification
John Hawkinson
jhawk at MIT.EDU
Sat Dec 15 09:55:04 EST 2001
R. Lindsay Todd <toddr at rpi.edu> wrote on Fri, 14 Dec 2001
at 15:27:31 -0500 in <3C1A60B3.300 at rpi.edu>:
> Folks: We use an old AFS cell with Kerberos 4. Our use of Kerberos 4 is
> I have implemented a server configuration option, KerberosVerifyServer,
> that defaults to "yes". If it is true, then the KDC is verified, as
> currently happens. If it set to "no", then the behaviour I need, of not
> verifying the KDC, is provided.
As a Kerberos4-specific option, this should have a Kerberos4-specifc name.
I would suggets "Kerberos4VerifyServer".
Please note that this is occasionally an issue for Kerberos 5, but there
is a krb5.conf variable (verify_ap_req_nofail) to control this.
--jhawk
More information about the openssh-unix-dev
mailing list