SSH + Kerberos Password auth
Douglas E. Engert
deengert at anl.gov
Fri Mar 5 02:31:27 EST 2004
Kumaresh wrote:
>
> As a follow up of the previous question, I dig the source and please
> validate my understanding.
>
> When SSH is used with GSSAPI or Kerberos password authentication, once the
> user is authenticated and after logout, if we do klist, then there are no
> keys displayed.
Normally the ticket cahce is cleaned up when th user logs out. See sshd_config
KerberosTicketCleanup yes
> I have come across the function krb5_free_principal( ). Is this the function
> that destroys the keys after the authentication is done?
>
No.
> Thanks for your answers.
>
> Regards,
> Kumar
>
> ----- Original Message -----
> From: "Kumaresh" <kumaresh_ind at gmx.net>
> To: "OpenSSH Devel List" <openssh-unix-dev at mindrot.org>
> Sent: Thursday, March 04, 2004 4:11 PM
> Subject: SSH + Kerberos Password auth
>
> > Hello,
> >
> > I have a question about SSH with Kerberos password authentication .
> >
> > Do I receive any host ticket to my client machine when I do ssh connection
> > with Kerberos password authenticaiton? If dont, why?
> >
> > If I login to remote machine through telnet with Kerberos Password
> > authentication [through PAM-kerberos], then I can see the tickets with
> > klist. But with the same setup for sshd, I cannot see the tickets with
> > klist.
> >
> > Thanks,
> > Kumaresh
> >
> >
> >
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.576 / Virus Database: 365 - Release Date: 1/30/2004
> >
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> >
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.576 / Virus Database: 365 - Release Date: 1/30/2004
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the openssh-unix-dev
mailing list