Re: Kerberos And Openssh 3.8p1 single sign-on

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 04/14/04

• Next message: Richard E. Silverman: "Re: scp only key authentication?"
• Previous message: Darren Tucker: "Re: Kerberos And Openssh 3.8p1 single sign-on"
• In reply to: Sonny Zambrana: "Kerberos And Openssh 3.8p1 single sign-on"
• Next in thread: Sonny Zambrana: "Re: Kerberos And Openssh 3.8p1 single sign-on"
• Reply: Sonny Zambrana: "Re: Kerberos And Openssh 3.8p1 single sign-on"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 14 Apr 2004 00:32:44 +0000 (UTC)

In article <0001HW.BCA1E6C000476A86F02845B0@netnews.upenn.edu>,
Sonny Zambrana <sonnyjz@isc.upenn.edu> wrote:
>I have been trying to get openssh to work with kerberos using single sign-on
>(ticket forwarding) and have been unsuccesful at it. I have been able to
>successfully compile openssh-3.8.1p1 and build it against kerberos libraries.
> I am able to use a kerberized telnet and ftp daemon and authenticate and use
>single sign-on on the server without any problems. I am also able to use the
>openssh implementation authorizing through kerberos.

Also, have you enabled credential forwarding? ie
"GSSAPIDelegateCredentials yes" in ssh_config or your $HOME/.ssh/config?
It defaults to "no".

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

---

• Next message: Richard E. Silverman: "Re: scp only key authentication?"
• Previous message: Darren Tucker: "Re: Kerberos And Openssh 3.8p1 single sign-on"
• In reply to: Sonny Zambrana: "Kerberos And Openssh 3.8p1 single sign-on"
• Next in thread: Sonny Zambrana: "Re: Kerberos And Openssh 3.8p1 single sign-on"
• Reply: Sonny Zambrana: "Re: Kerberos And Openssh 3.8p1 single sign-on"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Cannot su to root from logged in user ... # rhosts authentication should not be used ... # Kerberos TGT Passing only works with the AFS kaserver ... > OpenSSH obeys more of the AIX security restrictions than it did ... > Did you compile openssh yourself or use a pre-built package? ... (comp.security.ssh) Keberos GSS authentication not working ... I'm attempting to authenticate an ssh client running on Mac OS X 10.3 (using the default built in OpenSsh client) to a Solaris OpenSsh server using GSS Kerberos V support. ... (SSH) Kerberos And Openssh 3.8p1 single sign-on ... I have been trying to get openssh to work with kerberos using single sign-on ... successfully compile openssh-3.8.1p1 and build it against kerberos libraries. ... Openssh does not allow me to use single-signon (ticket forwarding). ... (comp.security.ssh) Kerberos 5 authentication without password? ... Is it possible to configure OpenSSH to allow a user ... the presence of a valid Kerberos 5 TGT incoming. ... and client host to itself. ... GSSAPIAuthentication yes ... (SSH) Re: Kerberos And Openssh 3.8p1 single sign-on ... >successfully compile openssh-3.8.1p1 and build it against kerberos libraries. ... >single sign-on on the server without any problems. ... >openssh implementation authorizing through kerberos. ... Good judgement comes with experience. ... (comp.security.ssh)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.ssh  > 2004-04