Is something special required for KerbV auth to work? I've enabled: KerberosAuthentication yes on some test boxes and it doesn't work. I do a kinit, and then ssh and it asks for a password. If you don't provide one, you don't get in. Also, the config file says that AFS (Andrew File System?) is required for Kerb Ticket Fwding... I'm not quite clear on why this is, and didn't find much in the docs... can anyone shed some light on this, we'd love to have KerbV ticket forwarding. And yes, we compiled OpenSSH with KerbV support. Thanks, -- Phil Dibowitz phil at ipom.com Freeware and Technical Pages Insanity Palace of Metallica http://www.phildev.net/ http://www.ipom.com/ "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759
Phil Dibowitz wrote:> Is something special required for KerbV auth to work? I've enabled: > > KerberosAuthentication yesYou didn't mention which version of OpenSSH you are using. If you are using a released version, KrbV only works with SSH protocol v.1. Try "ssh -1 yourhost". You may want to try a CVS snapshot. These contain a similar level of support for SSH protocol v.2. -d
On Thu, 15 May 2003, Phil Dibowitz wrote:> Is something special required for KerbV auth to work? I've enabled: > > KerberosAuthentication yes > > on some test boxes and it doesn't work. I do a kinit, and then ssh > and it asks for a password. If you don't provide one, you don't get > in.The Kerberos V support that ships with current OpenSSH versions is only for ssh protocol 1. You can use this by forcing your connection to use protocol version 1 with the '-1' flag. If you want Kerberos V support for protocol version 2, then you need the patches available from http://www.sxw.org.uk/computing/patches/openssh.html> Also, the config file says that AFS (Andrew File System?) is required > for Kerb Ticket Fwding... I'm not quite clear on why this is, and > didn't find much in the docs... can anyone shed some light on this, > we'd love to have KerbV ticket forwarding.This is a hang over from the days when 'Kerberos' meant Kerberos IV. Kerberos V can do ticket forwarding without AFS. Both the bundled stuff, and my patches support ticket forwarding. Cheers, Simon.