heimdal (kerberos) with openssh
i am using suse professional 9.1. i have installed heimdal (kerberos) from the distribution cdroms on a realm server. i have installed openssh from the distribution cdroms on all hosts. all the hosts are kerberos clients authentication and ticket granting appear to be working fine on all hosts. if i am reading the suse manual correctly, i should be able to slogin between hosts without being asked for a password. this is actually working from any host to the kerberos server! however, slogin from the server to any other host and slogin between any two (non-server) hosts prompts for a password. i have recompiled openssh --with-pam --with-kerberos5=/usr/lib/heimdal but to no avail. the same prompting for password occurs. any suggestions would be appreciated! __________________________________ Do you Yahoo!? Yahoo! Sports - Sign up for Fantasy Baseball. http://baseball.fantasysports.yahoo.com/
Hi Paul! On Mar 23, 2005, at 5:36 PM, paul kaiser wrote:
i am using suse professional 9.1.
i have installed heimdal (kerberos) from the distribution cdroms on a realm server. i have installed openssh from the distribution cdroms on all hosts. all the hosts are kerberos clients
authentication and ticket granting appear to be working fine on all hosts. if i am reading the suse manual correctly, i should be able to slogin between hosts without being asked for a password.
this is actually working from any host to the kerberos server! however, slogin from the server to any other host and slogin between any two (non-server) hosts prompts for a password.
i have recompiled openssh --with-pam --with-kerberos5=/usr/lib/heimdal but to no avail. the same prompting for password occurs.
any suggestions would be appreciated!
Have you created host principals and stored the relevant keystashes on the respective hosts? Ciao, Roland -- TU Muenchen, Physik-Department E18, James-Franck-Str. 85747 Garching Telefon 089/289-12592; Telefax 089/289-12570 -- A mouse is a device used to point at the xterm you want to type in. Kim Alm on a.s.r.
Not sure this is what you need, but have you set: usePAM YES in /etc/ssh/sshd_config undocumented config parameter - well done openssh! Mike Rose TCM & BSS Computer Officer University of Cambridge http://www.bio.phy.cam.ac.uk/ http://www.tcm.phy.cam.ac.uk/ http://www.phy.cam.ac.uk/research/bss/ On Wed, 23 Mar 2005, paul kaiser wrote:
i am using suse professional 9.1.
i have installed heimdal (kerberos) from the distribution cdroms on a realm server. i have installed openssh from the distribution cdroms on all hosts. all the hosts are kerberos clients
authentication and ticket granting appear to be working fine on all hosts. if i am reading the suse manual correctly, i should be able to slogin between hosts without being asked for a password.
this is actually working from any host to the kerberos server! however, slogin from the server to any other host and slogin between any two (non-server) hosts prompts for a password.
i have recompiled openssh --with-pam --with-kerberos5=/usr/lib/heimdal but to no avail. the same prompting for password occurs.
any suggestions would be appreciated!
__________________________________ Do you Yahoo!? Yahoo! Sports - Sign up for Fantasy Baseball. http://baseball.fantasysports.yahoo.com/
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (3)
-
Mike Rose -
paul kaiser -
Roland Kuhn