Problems with Krb5/GSSAPI patches in FBSD 4.3
Simon Wilkinson
sxw at sxw.org.uk
Tue May 22 20:44:33 EST 2001
On Tuesday 22 May 2001 01:03, Peter Losher wrote:
> On Mon, 21 May 2001, Simon Wilkinson wrote:
> > The protocol 2 GSSAPI patch doesn't do password authentication - just
> > credentials authentication. If you're wanting to verify Kerberos
> > passwords on the server, I'd recommend looking at a different solution.
>
> Is there one that does BOTH? We use both Krb5 authentication methods for
> different uses here, so a solution that handles both would be perfect.
Not currently - We use PAM locally, and use the pam_krb5 module for password
authentication. The protocol version 1 patches do contain support for
password authentication, but I haven't updated these to 2.9p1 yet.
> Question, do you know if this patch worked with ssh.com SSH2 clients, or
> just with OpenSSH clients? As soon as I know which client to use, I'll
> send the traces over... :)
The patch only works with those clients that provide a GSSAPI keyexchange
or user authentication method. I believe that the ssh.com SSH2 clients use
their own, unpublished, methods for Kerberos authentication - so they won't
interoperate.
Cheers,
Simon.
--
Simon Wilkinson <simon at sxw.org.uk> http://www.sxw.org.uk
"A key to the understanding of all religion is that a god's idea of amusement
is Snakes and Ladders with greased rungs." - Terry Pratchett
More information about the openssh-unix-dev
mailing list