Using kerberized SSHD. Question.
abartlet at samba.org
abartlet at samba.org
Tue Mar 26 15:29:14 EST 2002
On Mon, Mar 25, 2002 at 04:58:31PM -0600, Austin Gonyou wrote:
> I have a kerberized SSHD installed on HOST-1, a login server for the
> outside world.
>
> How can I make it so users are still authenticated via kerberos, even
> though they haven't yet received a ticket?
>
> The main reason for this is that a user who is at home, no vpn, but has
> an ssh client could then login and be authenticated by kerberos using
> password authentication, get a ticket, then be allowed to ssh(at this
> point using a kerberized ssh client) to any kerberized sshd host,
> without entering a password.
>
> Is this possible? TIA
Depending on your platform, you may be able to use PAM and pam_krb5 to
achive this effect.
Andrew Bartlett
More information about the openssh-unix-dev
mailing list