[30164] in Kerberos
Re: SSH configuration
daemon@ATHENA.MIT.EDU (bodik)
Tue Jul 29 06:58:57 2008
Message-ID: <488EF7AA.6000109@civ.zcu.cz>
Date: Tue, 29 Jul 2008 12:57:46 +0200
From: bodik <bodik@civ.zcu.cz>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <694F45BD-AED4-4143-ADC9-0D98CBB4A82B@tpg.com.au>
X-ZCU-MailScanner-From: bodik@civ.zcu.cz
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
hi,
I think, that you also need:
* krb5.conf
a proper configuration for your realm
* sshd_config
KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
* ssh_config
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
* pam.d/ssh
pam_krb5.so
* krb5.keytab
service key in keytab for host
(to establish a trust between service and KDC)
>> any pointers in this regard?
there should be many howto's out there, but just now i cann't find any
suitable walkthrough. but this looks fine (i didn't read it :)
http://www.visolve.com/security/ssh_kerberos.php
bodik
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
