[31256] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Problem: passwordless SSH-login with Kerberos doesn't work

daemon@ATHENA.MIT.EDU (Simon Wilkinson)
Mon Jun 15 19:20:52 2009

Message-Id: <B3A678D0-2F67-4E04-B0AE-19EF1690E65C@sxw.org.uk>
From: Simon Wilkinson <simon@sxw.org.uk>
To: Simo Sorce <ssorce@redhat.com>
In-Reply-To: <1245105690.14254.56.camel@localhost.localdomain>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Tue, 16 Jun 2009 00:19:48 +0100
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

>
> That's what sshd uses (probably through gethostname()) to determine  
> what
> principal name to search for in the keytab.

My GSSAPI KeyExchange patches (at http://www.sxw.org.uk/computing/patches/openssh.html) 
  add support for a 'GSSAPIStrictAcceptorCheck' option, which can be  
used to permit the use of any principal within the keytab. Debian,  
like many other distributors, ship with that patch as standard.

Cheers,

Simon.

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[31256] in Kerberos

Re: Problem: passwordless SSH-login with Kerberos doesn't work

daemon@ATHENA.MIT.EDU (Simon Wilkinson)Mon Jun 15 19:20:52 2009

daemon@ATHENA.MIT.EDU (Simon Wilkinson)
Mon Jun 15 19:20:52 2009