[19432] in Kerberos
Re: Forwarding Kerberos Credentials - SSH
daemon@ATHENA.MIT.EDU (Frank Cusack)
Tue Jun 17 07:12:30 2003
From: Frank Cusack <fcusack@fcusack.com>
Date: Tue, 17 Jun 2003 04:07:09 -0700
Message-ID: <x5yznkhotcy.fsf@vger.corp.google.com>
To: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu
On Tue, 17 Jun 2003 10:27:20 +0000 (UTC) paragg@konark.ncst.ernet.in ("Parag Godkar") wrote:
> 1. Do I have to compile openssh on all the linux servers after
> applying Simon Wilkinson's gss-api patch from -
> http://www.sxw.org.uk/computing/patches/openssh.html
Yes, if you want to use protocol 2. If you use protocol 1, you don't
need the patches. I highly recommend protocol 2 for Kerberos use.
> 2. When I tried to compile openssh-3.6.1p2 after applying the gss-api
> patch on a rhlinux 9 test server, I got the following warning on running
> configure ( ./configure --with-kerberos5=/usr/kerberos ) script -
Those errors are "normal".
> Running "make" and "make install" does not give any errors.
> However using the newly compiled ssh server, I am not able to login
> using kerberos credentials. Local users on the server are however
> able to login using shadow passwords.
You haven't described your setup well enough to get any help. (Other
than the above 2 questions, however you got them both right.) Most
importantly, you haven't described whether krb5 works at all.
Try /usr/kerberos/bin/telnet on your Linux machine and see if that works.
If not, the problem is in your krb5 setup, not openssh.
/fc
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
