1. Apply the
Kerberos patch and then the Openssh-gssapi
patch.
2. Run the autoreconf
after applying the patches. (autoreconf version should
be later than 2.50)
#autoreconf
3. #
./configure --with-pam
--with-kerberos5=<MIT Kerberos Installation path>
--sysconfdir=/etc/ssh
4.
#make
5. #make
install
No need of changing the /etc/ssh/sshd_config file. By
default it makes use
of Kerberos Authentication.
6.Start
the sshd daemon.
# /usr/local/sbin/sshd
#
7. Get a
TGT from the MIT KDC.
$./kinit -f [EMAIL PROTECTED]
Extract the service key of the host principal to
keytab file.
8.
Connect to the sshd server using ssh client
$ ssh -v hostname
Then, the ssh client contacts MIT KDC and gets a
service ticket for host. It also forwards
the TGT to the secure shell.
9. When
you type klist in the shell, then you can see the forwarded TGT.
Good Luck,
Srini
SSH Kompiling seems to be ok, i compiled it
without errors with
./configure --with-pam
--with-kerberos5=/usr/local
Befort i applied the patches and ran
autoconf.
I am not sure with these configuratioen files, is
it possible f�r you to send me yours?
Thanks,
Klaas
----- Original Message -----
Sent: Thursday, April 11, 2002 5:46
AM
Subject: RE: ssh
Run the ssh client in verbose
mode.
$ssh -v hostname
From that just try to make out when it is giving
the error.
I
dont know exactly why segmentation fault error is
comming.
May be some configuration and compilation
issue.
ok, i got openssh and two patches, one for
gssapi and one for kerberos.
i patched both succesfully and was able to
make a new configure-file
i configured and compiled it successfully
with krb5-support (--with-krb5)
and i can start the servrer successfully.
Then i try to use ssh and get
"segmentation fault" error.
Do you have an idea?
Klaas
----- Original Message -----
Sent: Wednesday, April 10, 2002
1:24 PM
Subject: RE: ssh
Srini
Hi,
where can i get ssh server and client
supporting kerberos auth for linux?
i apologize if this is a faq, but i
haven't found anything.
thanks
klaas
*********************************************************************
Disclaimer: The information in this e-mail and any attachments is
confidential / privileged. It is intended solely for the addressee or
addressees. If you are not the addressee indicated in this message, you
may not copy or deliver this message to anyone. In such case, you should
destroy this message and kindly notify the sender by reply email. Please
advise immediately if you or your employer does not consent to Internet
email for messages of this kind.
*********************************************************************
*********************************************************************
Disclaimer: The information in this e-mail and any attachments is
confidential / privileged. It is intended solely for the addressee or
addressees. If you are not the addressee indicated in this message, you may
not copy or deliver this message to anyone. In such case, you should destroy
this message and kindly notify the sender by reply email. Please advise
immediately if you or your employer does not consent to Internet email for
messages of this kind.
*********************************************************************
