[30176] in Kerberos
Re: SSH configuration
daemon@ATHENA.MIT.EDU (Abhishek Chowdhury)
Wed Jul 30 13:29:39 2008
Message-ID: <18729232.post@talk.nabble.com>
Date: Wed, 30 Jul 2008 02:17:49 -0700 (PDT)
From: Abhishek Chowdhury <abhishek.brave@gmail.com>
To: kerberos@mit.edu
In-Reply-To: <488EF7AA.6000109@civ.zcu.cz>
MIME-Version: 1.0
X-Nabble-From: abhishek.brave@gmail.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
> I am getting the initial krtgt ticket and the service ticket also when I
> am trying to do ssh. But still the ssh is asking for passowrd. I have done
> the configuration required in the ssh and sshd file.
>
>
bodik wrote:
>
> hi,
>
> I think, that you also need:
>
> * krb5.conf
> a proper configuration for your realm
>
> * sshd_config
> KerberosAuthentication yes
> KerberosOrLocalPasswd yes
> KerberosTicketCleanup yes
>
> * ssh_config
>
> GSSAPIAuthentication yes
> GSSAPIDelegateCredentials yes
>
> * pam.d/ssh
> pam_krb5.so
>
> * krb5.keytab
> service key in keytab for host
> (to establish a trust between service and KDC)
>
>>> any pointers in this regard?
> there should be many howto's out there, but just now i cann't find any
> suitable walkthrough. but this looks fine (i didn't read it :)
>
> http://www.visolve.com/security/ssh_kerberos.php
>
> bodik
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
View this message in context: http://www.nabble.com/SSH-configuration-tp18707809p18729232.html
Sent from the Kerberos - General mailing list archive at Nabble.com.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
