Date: Tue, 28 Aug 2001 20:38:53 -0500
From: "Jacques A. Vidrine" <n@nectar.com>
To: Gordon Tetlow <gordont@gnf.org>
Cc: hackers@freebsd.org
Subject: Re: OpenSSH + Kerberos 5 + PAM
Message-ID: <20010828203853.A1455@hellblazer.nectar.com>
In-Reply-To: <Pine.LNX.4.33.0108281642230.30888-100000@smtp.gnf.org>; from gordont@gnf.org on Tue, Aug 28, 2001 at 04:56:06PM -0700
References: <Pine.LNX.4.33.0108281642230.30888-100000@smtp.gnf.org>
On Tue, Aug 28, 2001 at 04:56:06PM -0700, Gordon Tetlow wrote:
> I like Kerberos 5 and its ability to use tickets so I don't have to type
> passwords whenever I login/su/need to authenticate myself. So it *really*
> annoys me that there is a pam_krb5 module that allows you to authenticate
> against a Kerberos 5 principal but it won't accept any tickets that I try
> to pass to it. I've done a bit of research on the matter and am told that
> it is a limitation of the PAM API. So be it.
>
> I suppose I can install kerberos' version of telnet/ftp/rsh/rlogin/etc,
> but again, I'm lazy (I *am* a system administrator). I was thinking that
> it would be nice to have Kerberos 5 authentication available in OpenSSH
> since that comes with the distribution and is even enabled by default.
>
> So, being lazy, I decided to trawl the net seeing if I could find anyone
> that has already done the work. Bingo!
> http://www.sxw.org.uk/computing/patches/openssh.html The author claims
> that it works with both KTH and MIT Kerberos 5 implementations (I've tried
> it on MIT and it works like a charm). I was wondering if there was any
> interest in integrating this, or if it is considered too large a patch. If
> there is interest, I would be willing to do the legwork to try and
> integrate it (although there are probably lots of cases to deal with).

See also <URL:http://www.nectar.com/krb/> for patches to
openssh-portable that provide Kerberos 5 support for SSH protocols 1
and 2. I intend to integrate them at some point, but I want to fix
the option handling first -- it is kind of confusing between protocol
versions 1 and 2.

Cheers,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
