On Tue, Aug 28, 2001 at 04:56:06PM -0700, Gordon Tetlow wrote:
> I like Kerberos 5 and it's ability to use tickets so I don't have to type
> passwords whenever I login/su/need to authenticate myself. So it *really*
> annoys me that there is a pam_krb5 module that allows you to authenticate
> against a Kerberos 5 principal but it won't accept any tickets that I try
> to pass to it. I've done a bit of research on the matter and am told that
> it is a limitation of the PAM API. So be it.
>
> I suppose I can install kerberos' version of telnet/ftp/rsh/rlogin/etc,
> but again, I'm lazy (I *am* a system administrator). I was thinking that
> it would be nice to have Kerberos 5 authentication available in OpenSSH
> since that comes with the distribution and is even enabled by default.
>
> So, being lazy, I decided to trawl the net seeing if I could find anyone
> that has already done the work. Bingo!
> http://www.sxw.org.uk/computing/patches/openssh.html The author claims
> that it works with both KTH and MIT Kerberos 5 implementations (I've tried
> it on MIT and it works like a charm). I was wondering if there was any
> interest in integrating this, or if it is considered too large a patch. If
> there is interest, I would be willing to do the legwork to try and
> integrate it (although there is probably lots of cases to deal with).
Patches have been circulated on openssh-unix-dev to apply kerb5 to
the upstream OpenBSD source. In fact, krb5 support is in protocol 1
in the OpenBSD tree now, and I'd speculate that protocol 2 support
will be in by the time 3.0 ships in December, since OpenBSD 3.0 will
ship with Kerb5 (Heimdal) in the base.
--
David Terrell | "Any sufficiently advanced technology
Prime Minister, Nebcorp | is indistinguishable from a rigged demo."
[EMAIL PROTECTED] | - Brian Swetland
http://wwn.nebcorp.com/
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
