kerberos5 authentication of ssh connections

From: Illia Baidakov (illich_at_newchem.ru)
Date: 01/15/04

  • Next message: Poul-Henning Kamp: "Re: mtree vs tripwire"
    Date: Thu, 15 Jan 2004 12:58:02 +0300
    To: freebsd-security@freebsd.org
    
    

    Hello freebsd-security!

    What is the best way to authenticate remote ssh users transparantly
    without typing the kinit and kdestroy commands?

    Using pam_krb5 works satisfactorily for local logins but makes it
    crooked for remote ssh ones. The comp.protocols.kerberos and
    comp.security.ssh newsgroups and the pam-krb5-users maillist confirm this
    assertion.

    As far as I understood that using kerberized login.krb5 tool implys
    removing (or hiding) native login program and substituting it by the
    login.krb5, say as symbolic link, isn't it?

    The possibility of selecting one of two or more authentication methods
    as in case of pam may be useful say if I need to pass users to
    exploiting kerberized applications gradually, and even more that when
    I suffering problems with my KDCs or network connections.

    IMHO using pam_krb5 for kerberized login is some superfluous.

    -- 
    Thanks in advance Illia Baidakov.
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    

  • Next message: Poul-Henning Kamp: "Re: mtree vs tripwire"