openssh & kerberos & gssapi

scanell scanell at jpl.nasa.gov
Fri Oct 8 06:34:21 EST 2004


I have configured openssh --with-kerberos5=<path> --with-pam 
--with-tcp-wrapper=<path>, but when I expire my kerberos password, I do 
not get a challenge to change my password for kerberos... anyone have 
any thoughts.

I tried modifying the Make file to include -DGSSAPI 
-DHAVE_GSSAPI_GSSAPI_H -DHAVE_GSSAPI_GSSAPI_GENERIC_H because I noticed 
that the gssapi options for both ssh_config and sshd_config did not 
work, but then it still didn't do anything after including these 
variables.... which by the way, the configure program did not address 
gssapi !!

I am working with openssh3.9-p1

PS it would be nice to get a ticket with kinit and have openssh support 
single-sign-on and kerberos password change on expired passwords as it 
does with /etc/passwd and /etc/shadow.  This is currently in a Solaris 9 
environment.

Stephen E. Canell

DISCLAIMER: JPL now requires notice in all electronic communication that
all personal and professional opinions presented herein are my own and do
not, in any way, represent the opinion or policy of JPL.





More information about the openssh-unix-dev mailing list