I'm slightly shocked to see that ssh doesn't do kerberos. Is this possible or am I being stupid?
Mike
Michael B Allen wrote:
I'm slightly shocked to see that ssh doesn't do kerberos. Is this possible or am I being stupid?
Mike
Not sure what you mean...both ssh and sshd binaries in Centos are linked against kerberos libraries and the sshd_config file has some Kerberos and GSSAPI options turned on. Maybe you are looking at some ancient openssh that does not have kerberos support on some ancient distro.
On Wed, 14 Jun 2006 11:57:44 +0800 Feizhou feizhou@graffiti.net wrote:
Michael B Allen wrote:
I'm slightly shocked to see that ssh doesn't do kerberos. Is this possible or am I being stupid?
Mike
Not sure what you mean...both ssh and sshd binaries in Centos are linked against kerberos libraries and the sshd_config file has some Kerberos and GSSAPI options turned on. Maybe you are looking at some ancient openssh that does not have kerberos support on some ancient distro.
They're both 3.9p1-8 on CentOS 4 and Fedora Core 3. Both are linking with krb5 libs. And both have GSSAPIAuthentication yes in appropriate configs.
Are there any particular command switches that I should know about?
Well at least it looks like it should work.
Mike
Are you trying to authenticate against AD or do you have a KDC on linux?
On 6/14/06, Michael B Allen mba2000@ioplex.com wrote:
On Wed, 14 Jun 2006 11:57:44 +0800 Feizhou feizhou@graffiti.net wrote:
Michael B Allen wrote:
I'm slightly shocked to see that ssh doesn't do kerberos. Is this possible or am I being stupid?
Mike
Not sure what you mean...both ssh and sshd binaries in Centos are linked against kerberos libraries and the sshd_config file has some Kerberos and GSSAPI options turned on. Maybe you are looking at some ancient openssh that does not have kerberos support on some ancient distro.
They're both 3.9p1-8 on CentOS 4 and Fedora Core 3. Both are linking with krb5 libs. And both have GSSAPIAuthentication yes in appropriate configs.
Are there any particular command switches that I should know about?
Well at least it looks like it should work.
Mike
-- Michael B Allen PHP Extension for SSO w/ Windows Group Authorization http://www.ioplex.com/ _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
It was very late last night I wasn't thinking. I just needed to add the host service principal to the kdc database.
-
Feizhou -
Joshua Gimer -
Michael B Allen