Re: SSH configuration - Kerberos

This is a discussion on Re: SSH configuration - Kerberos ; hi, I think, that you also need: * krb5.conf a proper configuration for your realm * sshd_config KerberosAuthentication yes KerberosOrLocalPasswd yes KerberosTicketCleanup yes * ssh_config GSSAPIAuthentication yes GSSAPIDelegateCredentials yes * pam.d/ssh pam_krb5.so * krb5.keytab service key in keytab for host ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Re: SSH configuration

  1. Re: SSH configuration

    hi,

    I think, that you also need:

    * krb5.conf
    a proper configuration for your realm

    * sshd_config
    KerberosAuthentication yes
    KerberosOrLocalPasswd yes
    KerberosTicketCleanup yes

    * ssh_config

    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes

    * pam.d/ssh
    pam_krb5.so

    * krb5.keytab
    service key in keytab for host
    (to establish a trust between service and KDC)

    >> any pointers in this regard?

    there should be many howto's out there, but just now i cann't find any
    suitable walkthrough. but this looks fine (i didn't read it

    http://www.visolve.com/security/ssh_kerberos.php

    bodik

  2. Re: SSH configuration

    On 2008-07-29, bodik wrote:
    > * sshd_config
    > KerberosAuthentication yes
    > KerberosOrLocalPasswd yes
    > KerberosTicketCleanup yes


    that's for Kerberos 4; for version 5 you need:

    GSSAPIAuthentication yes
    GSSAPICleanupCredentials yes

    Cheers,

    --Seb

  3. Re: SSH configuration




    > I am getting "No Valid Key Exchange Context"
    >


    Seb-27 wrote:
    >
    > On 2008-07-29, bodik wrote:
    >> * sshd_config
    >> KerberosAuthentication yes
    >> KerberosOrLocalPasswd yes
    >> KerberosTicketCleanup yes

    >
    > that's for Kerberos 4; for version 5 you need:
    >
    > GSSAPIAuthentication yes
    > GSSAPICleanupCredentials yes
    >
    > Cheers,
    >
    > --Seb
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos
    >
    >


    --
    View this message in context: http://www.nabble.com/SSH-configurat...p18810359.html
    Sent from the Kerberos - General mailing list archive at Nabble.com.


+ Reply to Thread