Kerberos password authentication and SSH2
Kevin Sullivan
ksulliva at psc.edu
Fri Jan 12 06:42:51 EST 2001
My site uses Kerb 4 (actually AFS) for virtually all authentication. No
users have local passwords on machines.
We'd like to start allowing SSH2 connections, but OpenSSH 2.3.0p1 will not
authenticate Kerberos passwords for SSH2 connections. In auth2.c:
#ifdef KRB4
/* turn off kerberos, not supported by SSH2 */
options.kerberos_authentication = 0;
#endif
If I remove this snippet of code, then all works as expected and SSH2 users
can authenticate. Why is this code here? Will I open a security hole by
removing the code? I understand that ticket-forwarding, etc won't work.
-Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 284 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010111/edf2fab2/attachment.bin
More information about the openssh-unix-dev
mailing list