Using kerberized SSHD. Question.

abartlet at samba.org abartlet at samba.org
Tue Mar 26 15:29:14 EST 2002


On Mon, Mar 25, 2002 at 04:58:31PM -0600, Austin Gonyou wrote:
> I have a kerberized SSHD installed on HOST-1, a login server for the
> outside world.
> 
> How can I make it so users are still authenticated via kerberos, even
> though they haven't yet received a ticket?
> 
> The main reason for this is that a user who is at home, no vpn, but has
> an ssh client could then login and be authenticated by kerberos using
> password authentication, get a ticket, then be allowed to ssh(at this
> point using a kerberized ssh client) to any kerberized sshd host,
> without entering a password.
> 
> Is this possible? TIA

Depending on your platform, you may be able to use PAM and pam_krb5 to
achive this effect.

Andrew Bartlett










More information about the openssh-unix-dev mailing list