OpenSSH and KerbV
Simon Wilkinson
sxw at inf.ed.ac.uk
Fri May 16 11:23:42 EST 2003
On Thu, 15 May 2003, Phil Dibowitz wrote:
> Is something special required for KerbV auth to work? I've enabled:
>
> KerberosAuthentication yes
>
> on some test boxes and it doesn't work. I do a kinit, and then ssh
> and it asks for a password. If you don't provide one, you don't get
> in.
The Kerberos V support that ships with current OpenSSH versions is only
for ssh protocol 1. You can use this by forcing your connection to use
protocol version 1 with the '-1' flag.
If you want Kerberos V support for protocol version 2, then you need
the patches available from
http://www.sxw.org.uk/computing/patches/openssh.html
> Also, the config file says that AFS (Andrew File System?) is required
> for Kerb Ticket Fwding... I'm not quite clear on why this is, and
> didn't find much in the docs... can anyone shed some light on this,
> we'd love to have KerbV ticket forwarding.
This is a hang over from the days when 'Kerberos' meant Kerberos IV.
Kerberos V can do ticket forwarding without AFS. Both the bundled stuff,
and my patches support ticket forwarding.
Cheers,
Simon.
More information about the openssh-unix-dev
mailing list