> With OpenSSH-4.1 at least ssh_gssapi_krb5_storecreds and > ssh_gssapi_krb5_userok make krb5 API calls as gss never had a simple > authz function or a way to save the delegated creds. > > Solaris 10's sshd uses PAM, to do these. OpenSSH should look at that > approach too, then it would not need Kerberos specific code either.
The main reason I need to compile OpenSSH with krb5 is because the way I have it working currently, OpenSSH using PAM, does not does _forward_ krb5 creds when SSHing to another machine. I have seen OpenSSH using GSS-API auth forward creds successfully, but not using Solaris PAM... Unless someone knows of a way I can forward kerberos TGTs using Solaris PAM? -erich ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
