SSH + Kerberos Password auth

Douglas E. Engert deengert at anl.gov
Fri Mar 5 02:31:27 EST 2004



Kumaresh wrote:
> 
> As a follow-up to the previous question, I dug into the source; please
> validate my understanding.
> 
> When SSH is used with GSSAPI or Kerberos password authentication, once the
> user is authenticated and after logout, if we do klist, then there are no
> keys displayed.

Normally the ticket cache is cleaned up when the user logs out. See sshd_config
KerberosTicketCleanup yes

> I have come across the function krb5_free_principal( ). Is this the function
> that destroys the keys after the authentication is done?
> 

No. 

> Thanks for your answers.
> 
> Regards,
> Kumar
> 
> ----- Original Message -----
> From: "Kumaresh" <kumaresh_ind at gmx.net>
> To: "OpenSSH Devel List" <openssh-unix-dev at mindrot.org>
> Sent: Thursday, March 04, 2004 4:11 PM
> Subject: SSH + Kerberos Password auth
> 
> > Hello,
> >
> > I have a question about SSH with Kerberos password authentication.
> >
> > Do I receive any host ticket to my client machine when I do ssh connection
> > with Kerberos password authentication? If not, why?
> >
> > If I login to remote machine through telnet with Kerberos Password
> > authentication [through PAM-kerberos], then I can see the tickets with
> > klist. But with the same setup for sshd, I cannot see the tickets with
> > klist.
> >
> > Thanks,
> > Kumaresh

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
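
An added example, not part of the original message: a small check for the `KerberosTicketCleanup` setting mentioned in the reply, reading an sshd_config from standard input. The function names and the sample file are constructed for illustration; it assumes the sshd_config(5) rules that the first value read for a keyword is used, keywords are case-insensitive, and the default for this option is `yes`.

```shell
#!/bin/sh
# Added example (not OpenSSH code): report the effective global value of an
# sshd_config keyword read from stdin.
#   $1 = keyword, $2 = value to report when the keyword is not set
effective_sshd_option() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # leading whitespace is ignored
            sub(/[ \t]*=[ \t]*/, " ", line)     # accept the keyword=value form
            n = split(line, f, /[ \t]+/)
            k = tolower(f[1])                   # keywords are case-insensitive
            if (k == "match") exit              # only the global section is read
            if (k == key && n >= 2) { val = f[2]; exit }   # first value wins
        }
        END { print val }
    '
}

# Constructed sample: the second KerberosTicketCleanup line is never used
# because sshd keeps the first value it reads.
sample_config() {
    cat <<'EOF'
# constructed sample sshd_config
KerberosAuthentication yes
kerberosticketcleanup no
KerberosTicketCleanup yes
EOF
}

printf 'KerberosTicketCleanup (effective): %s\n' \
    "$(sample_config | effective_sshd_option KerberosTicketCleanup yes)"
```

With the sample above the result is `no`, so the ticket cache would be left behind at logout even though a later line says `yes`.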



