From owner-freebsd-hackers  Thu Jan 30  1:44:20 2003
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 42C4E37B401; Thu, 30 Jan 2003 01:44:19 -0800 (PST)
Received: from sun-fish.com (border.sun-fish.com [62.176.74.114])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 9E94543F3F; Thu, 30 Jan 2003 01:44:17 -0800 (PST)
	(envelope-from vladimir.terziev@sun-fish.com)
Received: from 127.0.0.1 (localhost [127.0.0.1])
	by antivirus.software (Postfix) with SMTP
	id 4968E14A09; Thu, 30 Jan 2003 10:44:05 +0100 (CET)
Received: from daemon.cmotd.com (daemon.cmotd.com [192.168.33.170])
	by sun-fish.com (Postfix) with SMTP
	id 4946114A08; Thu, 30 Jan 2003 10:44:04 +0100 (CET)
Date: Thu, 30 Jan 2003 11:44:01 +0200
From: Vladimir Terziev <vladimir.terziev@sun-fish.com>
To: hackers@FreeBSD.ORG, security@freebsd.org
Subject: Kerberos & OpenSSH+GSSAPI problem
Message-Id: <20030130114401.38eeffa2.vlady@sun-fish.com>
Organization: SunFish Ltd.
X-Mailer: Sylpheed version 0.8.6claws (GTK+ 1.2.10; )
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


	Hi hackers,

	I implement a Kerberos in my company. For the purpose I use MIT Kerberos v5, OpenSSH v3.4p1 and approriate GSSAPI patches for OpenSSH from http://www.sxw.org.uk/computing/patches/openssh.html .

	Kerbelized sshd works fine and uses Kerberos tickets for authentication when the machine have single interface. But I have some multihomed machines which participate in different domains (respectively in different Kerberos realms). Sshd on these machines refuses to use my Kerberos tickes for authentication. I think this is because GSSAPI patches for OpenSSH use hostname for forming of Kerberos principals. I my case, with mulultihomed machines, hostname is different from the one or more of the interface names of the machine.

	Does anybody have any idea how I can solve that nasty problem?

	Regards,

		Vladimir


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message