Date: Thu, 30 Jan 2003 11:44:01 +0200 From: Vladimir Terziev <vladimir.terziev@sun-fish.com> To: hackers@FreeBSD.ORG, security@freebsd.org Subject: Kerberos & OpenSSH+GSSAPI problem Message-ID: <20030130114401.38eeffa2.vlady@sun-fish.com>
next in thread | raw e-mail | index | archive | help
Hi hackers, I implement a Kerberos in my company. For the purpose I use MIT Kerberos v5, OpenSSH v3.4p1 and approriate GSSAPI patches for OpenSSH from http://www.sxw.org.uk/computing/patches/openssh.html . Kerbelized sshd works fine and uses Kerberos tickets for authentication when the machine have single interface. But I have some multihomed machines which participate in different domains (respectively in different Kerberos realms). Sshd on these machines refuses to use my Kerberos tickes for authentication. I think this is because GSSAPI patches for OpenSSH use hostname for forming of Kerberos principals. I my case, with mulultihomed machines, hostname is different from the one or more of the interface names of the machine. Does anybody have any idea how I can solve that nasty problem? Regards, Vladimir To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030130114401.38eeffa2.vlady>