From owner-freebsd-questions@FreeBSD.ORG Sun Jul 27 17:27:48 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9461537B401 for ; Sun, 27 Jul 2003 17:27:48 -0700 (PDT) Received: from mail.lewiz.org (pam80-1-6-195.man.dial.ntli.net [80.1.6.195]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8A01743F3F for ; Sun, 27 Jul 2003 17:27:46 -0700 (PDT) (envelope-from lewiz@blue.lewiz.org) Received: from blue.lewiz.org ([192.168.0.11]) by mail.lewiz.org with smtp (Exim 4.20) id 19gvqy-00060O-Nj for freebsd-questions@freebsd.org; Mon, 28 Jul 2003 00:27:04 +0000 Received: (nullmailer pid 10157 invoked by uid 4001); Mon, 28 Jul 2003 00:26:49 -0000 Date: Mon, 28 Jul 2003 01:26:49 +0100 From: Lewis Thompson To: FreeBSD-questions Message-ID: <20030728002649.GA10147@lewiz.org> Mail-Followup-To: Lewis Thompson , FreeBSD-questions References: <20030727160914.GA8683@lewiz.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="W/nzBZO5zC0uMSeA" Content-Disposition: inline In-Reply-To: <20030727160914.GA8683@lewiz.org> X-GPG-Fingerprint: 90A4 939E 3847 A3E4 8103 2A48 22DA B428 542F ED3F X-GPG-Info: http://www.westwood.karoo.net/pgpkey / horowitz.surfnet.nl User-Agent: Mutt/1.5.4i X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean Subject: Re: Kerberos / sshd X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jul 2003 00:27:49 -0000 --W/nzBZO5zC0uMSeA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jul 27, 2003 at 05:09:14PM +0100, Lewis Thompson wrote: > I'm trying to get sshd to authenticate users via Kerberos. I want to > do this using a forwardable ticket (I get this by doing kinit -f). I > have the necessary host/fqdn@REALM and rcmd/fqdn@REALM entries in the > krb5.keytab file in /etc. I've realised what the problem was. In order to use Kerberos support with OpenSSH (sshd) I can't use SSH2. sshing in like this: ssh -1 server works fine, doing all authentication with Kerberos tickets. Sorry for bothering people. Does anybody know why this isn't more readily documented? -lewiz. --=20 Intolerance is the last defense of the insecure. ------------------------------------------------------------------------ -| msn:purple@lewiz.net | jab:lewiz@jabber.org | url:http://lewiz.net |- --W/nzBZO5zC0uMSeA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/JG3JItq0KFQv7T8RAoSFAJ9k+riN/tELV6CCN9dpi/POG5DJbwCfWqfr bXToupv0tJFHUp6UqlQj3zo= =3TXB -----END PGP SIGNATURE----- --W/nzBZO5zC0uMSeA--