[19325] in Kerberos
NewBie Problem with SSH Single Sign on
daemon@ATHENA.MIT.EDU (fjauernig@gmx.de)
Wed May 28 10:55:05 2003
Date: Wed, 28 May 2003 16:53:46 +0200 (MEST)
From: fjauernig@gmx.de
To: kerberos@mit.edu
MIME-Version: 1.0
Message-ID: <4854.1054133626@www42.gmx.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hallo all,
I'm pretty new in kerberos, and I have some problems setting up a ssh single
sign on.
What I have:
SuSe 8.2 with Heimdal Kerberos and Openssh
Kerberos athentication is working. I can kinit against the kdc which gives
me a tgt
The pam_krb5 module is working, so I can achieve a tgt during login prozess.
What I would like to have...
When I login, and get my tgt, I would like to ssh to another host without a
need to reenter my password.
Of course I tried hard (as far as I know), to Implement this single sign on.
I edited the /etc/ssh/sshd_config, adding kerberos support, and I added
principals for both the host, and the user who should use the system. I then
exported the keytab from kadmin and copied and merged it to the keytab on the
host from which I want to ssh.
But when I trie to ssh -l user to the kdc, I alway get the message
"Permission Denied"
Does anyone has a glue where to start? Its good possible, that I would like
to have something which isn't possible the way I like to implement this.
Thanks so far
Florian
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
