SSH + Kerberos Password auth
sxw at inf.ed.ac.uk
sxw at inf.ed.ac.uk
Fri Mar 5 02:09:10 EST 2004
On Thu, 4 Mar 2004, Kumaresh wrote:
> As a follow up of the previous question, I dig the source and please
> validate my understanding.
>
> When SSH is used with GSSAPI or Kerberos password authentication, once the
> user is authenticated and after logout, if we do klist, then there are no
> keys displayed.
> I have come across the function krb5_free_principal( ). Is this the function
> that destroys the keys after the authentication is done?
Err, no -that's just an internal memory destructor.
You want the "GssapiDelegateCredentials" option, or the (IIRC) -k command
line switch. Read the man pages for more details.
S.
More information about the openssh-unix-dev
mailing list