On Wed, 2007-05-23 at 14:43 -0600, Michael L Torrie wrote: > With kerberos, if everything's kerberized, life is good indeed. In fact > the other day I was surprised that I could ssh as myself to another > server and it didn't require my password. Turned out that RHEL and > CentOS 4 and 5 both have kerberized sshd by default. Once you set up > kerberos on authconfig, it just works. Combine that with judicious use > of .k5login files and you can ssh and ksu all over your servers in a > secure manner.
Actually sshd and kerberos only work if you have proper DNS resolution (forward and reverse) and have a host/* principal in the server's /etc/krb5.keytab file, which I have on all my servers for other reasons, including LDAP/Kerberos integration. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
