Kerberos And Openssh 3.8p1 single sign-on

From: Sonny Zambrana (
Date: 04/14/04

Date: Tue, 13 Apr 2004 18:49:36 -0400


I have been trying to get openssh to work with kerberos using single sign-on
(ticket forwarding) and have been unsuccesful at it. I have been able to
successfully compile openssh-3.8.1p1 and build it against kerberos libraries.
 I am able to use a kerberized telnet and ftp daemon and authenticate and use
single sign-on on the server without any problems. I am also able to use the
openssh implementation authorizing through kerberos.

Openssh does not allow me to use single-signon (ticket forwarding). I've
looked around and have seen patches by Simon, (no patches for 3.8.p1) all
over the place. I have also seen the dev newsgroup and believe that this
version should be able to allow single sign-on using ssh2. . I was
wondering if anyone could lead me in the proper direction to a howto or tell
me what I am doing wrong.

Finally if you don't mind, please take a look at my sshd configuration:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Kerberos options
KerberosAuthentication yes
KerberosOrLocalPasswd no
KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

Thank you for taking the time to read through this.