[OpenAFS] Home directory in AFS

Charles Clancy security@xauth.net
Fri, 19 Apr 2002 09:31:34 -0500 (CDT)


>     Derek> http://www.sxw.org.uk/computing/patches/openssh.html
>
> I'm already using that patch on both the client and the server machine(s).
> The problem is that SSHd seems to need my password, to be able to ask the
> KDC for the ticket (I think). Granted, I mostly use pam_krb5, and THAT can't
> get a ticket if I'm using the RSA key. Thing is, I can't always rely on the
> client SSH to have the GSSAPI stuff compiled in. Mostly this is because of
> any Win clients I'm forced to use on work etc (and that my users are using,
> not all my users have seen the light :).

Pam_krb5 can't do TGT passing.  If you enable native Kerberos support, you
should be able to do TGT passing without typing your password.  Of course,
passwordless logins are based on having a valid TGT, not a valid RSA/DSA
key.  I'm not sure if you'll be able to get kerberized SSH to work on
Windows.

[ t. charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
coordinated science laboratory | university of illinois | crypto group