Re: Openssh, kerberos and Solaris 10

2006-08-12 Thread Glenn Barry
libraries in... Not even sure they have GSSAPI at all, maybe just GSS? Does anyone have any hints on this, or has anyone ever done it? Or maybe a better place to post? The Kerberos API was private in Solaris for a long time because there were concerns about stability of the interface.

Re: Openssh, kerberos and Solaris 10

2006-08-10 Thread Will Fiveash
On Wed, Aug 09, 2006 at 11:08:11AM -0500, Douglas E. Engert wrote: Another comment, if the problem is the Solaris 10 sshd is not saving the forwarded credentials, it could be the pam.conf is not configured correctly. sshd calls pam with a number of different service names, including

Re: Openssh, kerberos and Solaris 10

2006-08-09 Thread Markus Moeller
There shouldn't be the need of compiling openssh with Kerberos as the Solaris 10 version supports GSSAPI authentication. Markus Erich Weiler [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all- I'm not sure this is the correct place to post about this but I'm getting no

Re: Openssh, kerberos and Solaris 10

2006-08-09 Thread Douglas E. Engert
Erich Weiler wrote: Hi all- I'm not sure this is the correct place to post about this but I'm getting no response over an OpenSSH.org, if there is a more appropriate place to post please let me know... And the people at Sun scream at me for even considering openssh when they supply

Re: Openssh, kerberos and Solaris 10

2006-08-09 Thread Douglas E. Engert
Markus Moeller wrote: There shouldn't be the need of compiling openssh with Kerberos as the Solaris 10 version supports GSSAPI authentication. Yes and no. Until you want to store the delegated credential or do a krb5_userok test. With OpenSSH-4.1 at least ssh_gssapi_krb5_storecreds and

Re: Openssh, kerberos and Solaris 10

2006-08-09 Thread Erich Weiler
With OpenSSH-4.1 at least ssh_gssapi_krb5_storecreds and ssh_gssapi_krb5_userok make krb5 API calls as gss never had a simple authz function or a way to save the delegated creds. Solaris 10's sshd uses PAM to do these. OpenSSH should look at that approach too, then it would not need

Re: Openssh, kerberos and Solaris 10

2006-08-09 Thread Douglas E. Engert
Erich Weiler wrote: With OpenSSH-4.1 at least ssh_gssapi_krb5_storecreds and ssh_gssapi_krb5_userok make krb5 API calls as gss never had a simple authz function or a way to save the delegated creds. Solaris 10's sshd uses PAM to do these. OpenSSH should look at that approach too, then it

Re: Openssh, kerberos and Solaris 10

2006-08-09 Thread Douglas E. Engert
Another comment, if the problem is the Solaris 10 sshd is not saving the forwarded credentials, it could be the pam.conf is not configured correctly. sshd calls pam with a number of different service names, including sshd-password, sshd-gssapi, sshd-kdbint. (If one of these is not found, other

Re: Openssh, kerberos and Solaris 10

2006-08-09 Thread Nicolas Williams
On Wed, Aug 09, 2006 at 09:52:51AM -0500, Douglas E. Engert wrote: Markus Moeller wrote: There shouldn't be the need of compiling openssh with Kerberos as the Solaris 10 version supports GSSAPI authentication. Yes and no. Until you want to store the delegated credential or do a

Re: Openssh, kerberos and Solaris 10

2006-08-09 Thread Jeffrey Hutzelman
On Wednesday, August 09, 2006 11:56:07 AM -0500 Nicolas Williams [EMAIL PROTECTED] wrote: On Wed, Aug 09, 2006 at 09:36:30AM -0700, Erich Weiler wrote: I am getting credentials through PAM. That much is working. My problem, very specifically, is that: 1: I want SSH to automatically

Re: Openssh, kerberos and Solaris 10

2006-08-09 Thread Douglas E. Engert
Erich Weiler wrote: 1: I want SSH to automatically forward my krb5 credentials when I SSH into another machine using public keys. Don't think OpenSSH will do this either without mods.

Re: Openssh, kerberos and Solaris 10

2006-08-09 Thread Douglas E. Engert
Nicolas Williams wrote: On Wed, Aug 09, 2006 at 02:26:57PM -0500, Douglas E. Engert wrote: Nicolas Williams wrote: On Wed, Aug 09, 2006 at 09:52:51AM -0500, Douglas E. Engert wrote: Markus Moeller wrote: There shouldn't be the need of compiling openssh with Kerberos as the Solaris 10

Re: Openssh, kerberos and Solaris 10

2006-08-09 Thread Nicolas Williams
On Wed, Aug 09, 2006 at 02:55:05PM -0500, Douglas E. Engert wrote: Nicolas Williams wrote: gss_store_cred() is a KITTEN WG work item. __gss_userok() is not; should it be? I would say yes. Every service needs to do this, and use the GSS creds to test if it can use the local resource. So

Re: Openssh, kerberos and Solaris 10

2006-08-09 Thread Jeffrey Hutzelman
On Wednesday, August 09, 2006 02:55:05 PM -0500 Douglas E. Engert [EMAIL PROTECTED] wrote: __gss_userok() is not; should it be? I would say yes. Every service needs to do this, and use the GSS creds to test if it can use the local resource. So it in that regards it is generic. Actually,

Openssh, kerberos and Solaris 10

2006-08-08 Thread Erich Weiler
Hi all- I'm not sure this is the correct place to post about this but I'm getting no response over an OpenSSH.org, if there is a more appropriate place to post please let me know... And the people at Sun scream at me for even considering openssh when they supply their own version of SSH

Re: Openssh, kerberos and Solaris 10

2006-08-08 Thread Luke Howard
libraries in... Not even sure they have GSSAPI at all, maybe just GSS? Does anyone have any hints on this, or has anyone ever done it? Or maybe a better place to post? Solaris supports GSS-API but does not expose the Kerberos API or any of the Kerberos mechanism-specific extensions. So

Re: Openssh, kerberos and Solaris 10

2006-08-08 Thread Will Fiveash
On Tue, Aug 08, 2006 at 04:49:14PM -0700, Erich Weiler wrote: Hi all- I'm not sure this is the correct place to post about this but I'm getting no response over an OpenSSH.org, if there is a more appropriate place to post please let me know... And the people at Sun scream at me for even

Re: Openssh, kerberos and Solaris 10

2006-08-08 Thread Erich Weiler
Crud, I was hoping you wouldn't say that... :( -erich Will Fiveash wrote: On Tue, Aug 08, 2006 at 04:49:14PM -0700, Erich Weiler wrote: Hi all- I'm not sure this is the correct place to post about this but I'm getting no response over an OpenSSH.org, if there is a more appropriate place