On Thu, 19 Jun 2003 10:22:50 -0700 Donn Cave <[EMAIL PROTECTED]> wrote: > unfortunately it doesn't interoperate with the ssh.com approach to > Kerberos 5 for protocol 2.
Which, AIUI, was rejected in the ietf for being deficient. Regardless of any deficiencies (or not) in the ssh.com approach, the GSSAPI approach is superior. I won't go into the reasons why, interested readers can do some Google research. > Secondly I think the term "forwarding" doesn't apply to the scenarios > I'm reading about here. If you log in to sshd with your Kerberos > password, the remote credentials acquired in the process are actually > local in this sense - they reside on the host that acquired them, as Right. That's not what the poster wants. That's not kerberos authentication, that's password authentication. > sshd did that. When used to authenticate to some service from there, > that's just simple basic Kerberos authentication, no forwarding needed. The original poster wants to login LOCALLY with krb5, ssh to a remote machine with KERBEROS authentication; the forwarding is needed so that on the remote machine he can subsequently obtain tickets for xyz service (say, afs). /fc ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
