From owner-freebsd-stable  Tue May 22 23:33:51 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from shell1.nominum.com (shell1.nominum.com [204.152.187.163])
	by hub.freebsd.org (Postfix) with ESMTP id 5573E37B424
	for <freebsd-stable@freebsd.org>; Tue, 22 May 2001 23:33:49 -0700 (PDT)
	(envelope-from Peter.Losher@nominum.com)
Received: by shell1.nominum.com (Postfix, from userid 10188)
	id 86DA522641; Tue, 22 May 2001 23:33:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by shell1.nominum.com (Postfix) with ESMTP
	id 7A16220F01; Tue, 22 May 2001 23:33:03 -0700 (PDT)
Date: Tue, 22 May 2001 23:33:03 -0700 (PDT)
From: Peter Losher <Peter.Losher@nominum.com>
To: "Jacques A. Vidrine" <n@nectar.com>
Cc: Peter Losher <Peter.Losher@nominum.com>,
	<freebsd-stable@freebsd.org>
Subject: Re: OpenSSH and Krb5, FreeBSD style...
In-Reply-To: <20010522202722.B449@shade.nectar.com>
Message-ID: <Pine.NEB.4.33.0105222251180.7598-100000@shell1.nominum.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Tue, 22 May 2001, Jacques A. Vidrine wrote:

> though I  am not certain of  the date.  FreeBSD 4.3-RELEASE  and later
> definately have the right bits, though.

O.k., I just wanted to make sure the support was in there.

> > > If so, is there a web site (or man pages) describing what config variables
> > > etc. are needed to set this up?  I can't find it in the example ssh_config
> > > and sshd_config.
>
> You didn't  look hard enough :-)  Look around line 49  of sshd_config.
> You want  to set `KerberosAuthentication  yes' in both the  client and
> the server.

I already tried that :(  It failed, and I thought that it was perhaps for
Krb4. (I'll try it again and paste the results here)

> Unfortunately,  the `integrated  Heimdal'  package is  still far  from
> complete.   You  can  find  some  of  what  you  are  looking  for  as
> /usr/bin/k5init, k5admin,  k5su, and so on.   However, notably missing
> is a KDC and integration with any of the standard clients/daemons such
> as TELNET and FTP.  For  these additional pieces, install Heimdal from
> the ports system (/usr/ports/security/heimdal).

That's just what I need, the basic clients (and now I know where to look).
I already have a pre-existing KDC running MIT Krb5, so I don't need any
KDC functions.  I have past experience with MIT Krb5, so I have a basic
knowledge of Krb5 in general, just not how Hemdial implements it.  And I
had a heck of a time trying to figure out how it is implemented in FreeBSD.

What I am slightly worried of is having to install Krb5 support in IMAP/POP
(UW-IMAP)  As far as I can tell, that only works with MIT Kerberos.  And if
I install MIT Kerberos, and then compile UW-IMAP, I am worried that the
integrated Heimdal libs and MIT libs will clash.

Does anyone have a IMAP server running with Kerberos authentication?

Thanks - Peter
-- 
Peter.Losher@nominum.com - [ Systems Admin. | Nominum, Inc. ]



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message