Date: Thu, 15 Jan 2004 12:58:02 +0300 From: Illia Baidakov <illich@newchem.ru> To: freebsd-security@freebsd.org Subject: kerberos5 authentication of ssh connections Message-ID: <287929591.20040115125802@newchem.ru>
next in thread | raw e-mail | index | archive | help
Hello freebsd-security! What is the best way to authenticate remote ssh users transparantly without typing the kinit and kdestroy commands? Using pam_krb5 works satisfactorily for local logins but makes it crooked for remote ssh ones. The comp.protocols.kerberos and comp.security.ssh newsgroups and the pam-krb5-users maillist confirm this assertion. As far as I understood that using kerberized login.krb5 tool implys removing (or hiding) native login program and substituting it by the login.krb5, say as symbolic link, isn't it? The possibility of selecting one of two or more authentication methods as in case of pam may be useful say if I need to pass users to exploiting kerberized applications gradually, and even more that when I suffering problems with my KDCs or network connections. IMHO using pam_krb5 for kerberized login is some superfluous. -- Thanks in advance Illia Baidakov.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?287929591.20040115125802>