I can give solution for your questions 2 and 3 and i never worked with SSH2 hence cant answer 1.
Q2. Regarding installing OpenSSH with Kerberos i can help you. a. Downloaded OpenSSH from http://www.openssh.com/ and the Kerberos/GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh.html b. Extract the openssh-2.9p2.tar file and then apply the patch by #cd openssh-2.9p2 #patch -p1 < ../ openssh-2.9p2-gssapi.patch c. Configuration and Installation #pwd /sparc/usr/srinivas/openssh-2.9p2 #autoreconf autoreconf version should be later than 2.50 # ./configure --with-kerberos5=<MIT Kerberos Installation path> --sysconfdir=/etc/ssh #make #make install No need of changing the /etc/ssh/sshd_config file. By default it makes use of Kerberos Authentication. d. Start the sshd daemon. # /usr/local/sbin/sshd # e. Get a TGT from the MIT KDC. $./kinit -f [EMAIL PROTECTED] Extract the service key of the host principal to keytab file. f. Connect to the sshd server using ssh client $ ssh -v hostname Then, the ssh client contacts MIT KDC and gets a service ticket for host. It also forwards the TGT to the secure shell. g. When you type klist in the shell, then you can see the forwarded TGT. Q3. No need of creating the same user. a. you need add the principal name with which you want to access the account in .k5login b. connect using the below command $ssh -l user@REALM hostname Good Luck, Srini -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 20, 2002 8:59 PM To: [EMAIL PROTECTED] Subject: Question About Kerberos Hi I am new to Kerberos. Recently, I have installed a Kerberos5 version 1.2.4 on a RedHat 7.2 server with a realm name UNIVERSAL.COM. In the same server, I also installed a SSH2 version 3.1.0 from SSH Communication. I compiled the SSH2 source code with "--with-kerberos5". In addition, I also include the parameters "AllowedAuthentication [EMAIL PROTECTED], [EMAIL PROTECTED]" in the /etc/ssh2/sshd2_config. I have no problem to logon to the same machine using Kerberos authentication. To test a remote kerberize host, I have installed anonther machine with RedHat 6.2 and installed with a kerberized SSH2 version 3.1.0 with the same configuration for the /etc/ssh2/sshd2_config. However, the authentication does not work this round. (a) Can you indicate which portion is not configured correctly? (b) I was trying to installed OpenSSH but I can't find any article mention about configuring OpenSSH with Kerberos V. Where can I locate any document? (c) If I am not wrong, for each kerberize host, and allow a kerberos user to logon to this host, I need to add a same user account name in the kerberize host /etc/passwd but without password. Is it suppose to be? Thank you very much for answering my question. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos ********************************************************************* Disclaimer: The information in this e-mail and any attachments is confidential / privileged. It is intended solely for the addressee or addressees. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer does not consent to Internet email for messages of this kind. ********************************************************************* ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
