Date: Tue, 28 Aug 2001 16:56:06 -0700 (PDT) From: Gordon Tetlow <gordont@gnf.org> To: <hackers@freebsd.org> Subject: OpenSSH + Kerberos 5 + PAM Message-ID: <Pine.LNX.4.33.0108281642230.30888-100000@smtp.gnf.org>
next in thread | raw e-mail | index | archive | help
I like Kerberos 5 and it's ability to use tickets so I don't have to type passwords whenever I login/su/need to authenticate myself. So it *really* annoys me that there is a pam_krb5 module that allows you to authenticate against a Kerberos 5 principal but it won't accept any tickets that I try to pass to it. I've done a bit of research on the matter and am told that it is a limitation of the PAM API. So be it. I suppose I can install kerberos' version of telnet/ftp/rsh/rlogin/etc, but again, I'm lazy (I *am* a system administrator). I was thinking that it would be nice to have Kerberos 5 authentication available in OpenSSH since that comes with the distribution and is even enabled by default. So, being lazy, I decided to trawl the net seeing if I could find anyone that has already done the work. Bingo! http://www.sxw.org.uk/computing/patches/openssh.html The author claims that it works with both KTH and MIT Kerberos 5 implementations (I've tried it on MIT and it works like a charm). I was wondering if there was any interest in integrating this, or if it is considered too large a patch. If there is interest, I would be willing to do the legwork to try and integrate it (although there is probably lots of cases to deal with). -gordon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.33.0108281642230.30888-100000>