dfs/dce and openssh
Simon Wilkinson
sxw at inf.ed.ac.uk
Fri May 11 06:37:58 EST 2007
On 10 May 2007, at 12:21, Douglas E. Engert wrote:
> Perry Smith wrote:
>> I searched google and did not find any hits on this being solved.
>>
>> I want to get ssh so I can the dsa/rsa style password it in an
>> environment that uses dfs/dce authentication if that is possible (and
>> it has not already been solved). In other words, I want to be able
>> to log into a host as a dfs/dce user without typing my password.
>
>
> DCE uses Kerberos 5, so the GSSAPI code in SSH should work. Delegation
> should also work, so you can get tickets for DFS.
The problem here is that you can't use OpenSSH's DSA/RSA key-based
authentication and still have credentials on the machine that you've
logged in to. I don't know enough about DCE to be able to comment on
that specific case, but in a standard Kerberos environment, you'd
need to run 'kinit' after login in order to have credentials. There's
no way (that I'd want to deploy) of getting around this.
Simon.
More information about the openssh-unix-dev
mailing list