Krb5-authentication and Kerb5-TGT-passing is working well with openssh-2.3.0p1. Question: Is there a solution using rdist -P "/usr/local/bin/ssh" without the need for RhostRSAAuthentication, RSAAuthentication or using the Kerberos r-command set? The objective is to do away with ".rhosts/.shost" and private-key authentication when Kerberos authentication is already in place. Using the Kerberos r-command set leads to more work and maintenance on ACLs. Best Herman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010416/7182b13c/attachment.html
> Krb5-authentication and Kerb5-TGT-passing is working well with > openssh-2.3.0p1. > > Question: Is there a solution using rdist -P "/usr/local/bin/ssh" without the > need for RhostRSAAuthentication, RSAAuthentication or using the Kerberos > r-command set?If you've got Kerberos authentication correctly set up and the principal you're using maps to the local user you're accessing, this should just work. You'll need to kinit before running rdist, and after that you should not need to enter a password until your credentials expire. Cheers, Simon.