We have been using ssh1 with kerberos 5 at our site for a number of years.
We now have a situaation where a user "needs" both kerberos and RSARhosts
authentication. However, kerberos is disabled when the ssh client is suid
because of the KRB5CCNAME environment variable exploit. Has this ever
been fixed, or anyone have a patch to fix it?
We are going to start looking at ssh2 since it looks like it now has
kerberos 5 authentication. Does this have the same problem as ssh1
(ssh cannot be suid for kerberos to work)?
--
James J. Barlow <[EMAIL PROTECTED]>
Senior System Engineer
National Center for Supercomputing Applications Voice : (217)244-6403
605 East Springfield Avenue Champaign, IL 61820 Cell : (217)840-0601
http://www.ncsa.uiuc.edu/People/jbarlow Fax : (217)244-1987
