Hi,

what do the different Kerberos authenticators actually do? So far I believe it is as follows:

- [EMAIL PROTECTED]: requires a FORWARDABLE TGT (ticket is forwarded on success, but not destroyed on session close)
- [EMAIL PROTECTED]: requires just a valid TGT
- password: when compiled with support for Kerberos, sshd2 tries to check the password with the KDC (not yet implemented?):

  debug: SshUnixUser/sshunixuser.c:1240/ssh_user_validate_secure_rpc_password: not yet implemented
  debug: SshUnixUser/sshunixuser.c:1175/ssh_user_validate_kerberos_password: krb5_get_in_tkt_with_password preauth -1765328370
  debug: SshUnixUser/sshunixuser.c:1186/ssh_user_validate_kerberos_password: krb5_get_in_tkt_with_password no-preauth -1765328353

--
Norbert Klasen
DFN Directory Services                 tel: +49 7071 29 70335
ZDV, Universität Tübingen              fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen         http://www.directory.dfn.de
Germany                                [EMAIL PROTECTED]