On Tue, Aug 28, 2001 at 04:56:06PM -0700, Gordon Tetlow wrote:
> I like Kerberos 5 and it's ability to use tickets so I don't have to type
> passwords whenever I login/su/need to authenticate myself. So it *really*
> annoys me that there is a pam_krb5 module that allows you to authenticate
> against a Kerberos 5 principal but it won't accept any tickets that I try
> to pass to it. I've done a bit of research on the matter and am told that
> it is a limitation of the PAM API. So be it.
>
> I suppose I can install kerberos' version of telnet/ftp/rsh/rlogin/etc,
> but again, I'm lazy (I *am* a system administrator). I was thinking that
> it would be nice to have Kerberos 5 authentication available in OpenSSH
> since that comes with the distribution and is even enabled by default.
>
> So, being lazy, I decided to trawl the net seeing if I could find anyone
> that has already done the work. Bingo!
> http://www.sxw.org.uk/computing/patches/openssh.html The author claims
> that it works with both KTH and MIT Kerberos 5 implementations (I've tried
> it on MIT and it works like a charm). I was wondering if there was any
> interest in integrating this, or if it is considered too large a patch. If
> there is interest, I would be willing to do the legwork to try and
> integrate it (although there is probably lots of cases to deal with).
See also
<URL:http://www.nectar.com/krb/>
for patches to openssh-portable that provide Kerberos 5 support for
SSH protocols 1 and 2. I intend to integrate them at some point, but
I want to fix the option handling first -- it is kind of confusing
between protocol versions 1 and 2.
Cheers,
--
Jacques Vidrine / [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
