Date: Tue, 22 May 2001 23:33:03 -0700 (PDT) From: Peter Losher <Peter.Losher@nominum.com> To: "Jacques A. Vidrine" <n@nectar.com> Cc: Peter Losher <Peter.Losher@nominum.com>, <freebsd-stable@freebsd.org> Subject: Re: OpenSSH and Krb5, FreeBSD style... Message-ID: <Pine.NEB.4.33.0105222251180.7598-100000@shell1.nominum.com> In-Reply-To: <20010522202722.B449@shade.nectar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 22 May 2001, Jacques A. Vidrine wrote: > though I am not certain of the date. FreeBSD 4.3-RELEASE and later > definately have the right bits, though. O.k., I just wanted to make sure the support was in there. > > > If so, is there a web site (or man pages) describing what config variables > > > etc. are needed to set this up? I can't find it in the example ssh_config > > > and sshd_config. > > You didn't look hard enough :-) Look around line 49 of sshd_config. > You want to set `KerberosAuthentication yes' in both the client and > the server. I already tried that :( It failed, and I thought that it was perhaps for Krb4. (I'll try it again and paste the results here) > Unfortunately, the `integrated Heimdal' package is still far from > complete. You can find some of what you are looking for as > /usr/bin/k5init, k5admin, k5su, and so on. However, notably missing > is a KDC and integration with any of the standard clients/daemons such > as TELNET and FTP. For these additional pieces, install Heimdal from > the ports system (/usr/ports/security/heimdal). That's just what I need, the basic clients (and now I know where to look). I already have a pre-existing KDC running MIT Krb5, so I don't need any KDC functions. I have past experience with MIT Krb5, so I have a basic knowledge of Krb5 in general, just not how Hemdial implements it. And I had a heck of a time trying to figure out how it is implemented in FreeBSD. What I am slightly worried of is having to install Krb5 support in IMAP/POP (UW-IMAP) As far as I can tell, that only works with MIT Kerberos. And if I install MIT Kerberos, and then compile UW-IMAP, I am worried that the integrated Heimdal libs and MIT libs will clash. Does anyone have a IMAP server running with Kerberos authentication? Thanks - Peter -- Peter.Losher@nominum.com - [ Systems Admin. | Nominum, Inc. ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.4.33.0105222251180.7598-100000>