Apologies to those of you who see this twice, I posted
it first to comp.security.ssh, which I thought would
also send it to this [EMAIL PROTECTED] list, but it doesn't
appear to have happened automatically.
It looks like in ssh1 1.2.27 code has been added that
prevents the usage of kerberos authentication if the
ssh client is installed suid root. Presumably, this
is to guard against some insecurity. However, if you
install the ssh client without suid root, you can't
take advantage of .shosts. So, it seems you're
left with one or the other, but not both. Or,
you could use 1.2.26 (or simply comment out the
appropriate section from 1.2.27 code). However,
it's not clear whether this opens up a security hole.
I've searched the mailing list archive, the FAQ, and
the newsgroup comp.security.ssh archive... no luck.
Perhaps if ssh is suid root and you set an environment
variable for a kerberos thingy (credential cache file?),
you can use someone else's credentials to get authenticated?
It seems that judicious use of setuid might allow a secure
way to enable either .shosts or kerberos authentication,
using the same suid root binary.
As a kludge, two separate binaries could be installed, where
the only difference was the suid bit on one, but a more elegant
solution would be preferable.
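The post asks whether a set-uid root ssh client that honours a user-set Kerberos credential-cache variable could end up reading another user's cache, and speculates that "judicious use of setuid" could keep both .shosts and Kerberos usable from one binary. The following is an added example written for this page, not code from the original post or from ssh 1.2.26/1.2.27, showing the defensive pattern that question points at: keep root only for whatever genuinely needs it (the privileged source port that .shosts relies on), drop permanently to the real uid, and only then act on environment-driven input such as KRB5CCNAME, checking that the named file is a regular file owned by the real user with no group/other access. The function names, the "FILE:" prefix handling, and the sample cache file under /tmp are this example's own assumptions.

```c
/* Added example, not code from the original post or from ssh 1.2.27: a
   set-uid root client must not let a user-controlled environment variable
   (KRB5CCNAME) choose which file root opens. Root-only work happens first,
   privileges are dropped permanently, and only the real user opens the cache.
   Function names and the sample cache file are assumptions of this example. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>

/* 1 if effective ids differ from real ids, i.e. we are running set-uid/set-gid. */
int running_setuid(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Permanently drop to the invoking user's real uid/gid. Returns 0 on success. */
int drop_privileges_permanently(void) {
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0) return -1;            /* group first: setgid needs root */
    if (setuid(ruid) != 0) return -1;
    if (ruid != 0 && seteuid(0) == 0) return -1; /* must not be able to regain root */
    return 0;
}

/* Pick the credential cache path from the user's environment. Refuses while the
   process is still privileged (root would open whichever user's cache the
   variable names) and accepts only an absolute path, optionally with the
   "FILE:" prefix. Returns a malloc'd copy or NULL. */
char *select_ccache(const char *krb5ccname, int still_privileged) {
    if (still_privileged) return NULL;
    if (krb5ccname == NULL) return NULL;
    if (strncmp(krb5ccname, "FILE:", 5) == 0) krb5ccname += 5;
    if (krb5ccname[0] != '/') return NULL;
    return strdup(krb5ccname);
}

/* Open the cache as the real user: no symlink following, must be a regular
   file owned by us and unreadable by group/other. Returns an fd or -1. */
int open_ccache_as_user(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NOCTTY);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()
        || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Writes a constructed placeholder cache file with mode 0600 so the example can
   run without a real Kerberos installation. Returns 0 on success. */
int write_sample_ccache(const char *path) {
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    const char sample[] = "constructed sample, not a real credential cache\n";
    ssize_t n = write(fd, sample, sizeof sample - 1);
    close(fd);
    return n == (ssize_t)(sizeof sample - 1) ? 0 : -1;
}

int main(void) {
    int was_setuid = running_setuid();
    /* Any root-only work (e.g. binding a source port below 1024) would go here. */
    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "could not drop privileges\n");
        return 1;
    }
    /* Only now, as the real user, is the environment safe to act on. */
    char *cache = select_ccache(getenv("KRB5CCNAME"), running_setuid());
    if (cache == NULL) {
        printf("no usable KRB5CCNAME (started set-uid: %d)\n", was_setuid);
        return 0;
    }
    int fd = open_ccache_as_user(cache);
    printf("%s: %s\n", cache, fd >= 0 ? "usable" : "rejected");
    if (fd >= 0) close(fd);
    free(cache);
    return 0;
}
```

Run it with `KRB5CCNAME=FILE:/tmp/krb5cc_added_example` after creating that file with mode 0600 to see it accepted, and point it at a world-readable or root-owned file to see it rejected. The two-binary kludge the post mentions becomes unnecessary under this ordering, because the set-uid bit is only ever exercised before the environment is consulted.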