Re: passwordless ssh

From: <jonr@destar.net>
Date: Wed Nov 28 2007 - 11:08:09 AKST

Quoting Arthur Corliss <acorliss@nevaeh-linux.org>:

> On Wed, 28 Nov 2007, Jon Reynolds wrote:
>
>> Thanks Pete,
>>
>> But I don't think I need to use ssh-agent when using kerberos.
>> Everything I have read about it so far has never mentioned using ssh-agent.
>
> You're right, Jon. Provided that you have a working KDC, and your
> sshd_config & ssh_config are properly configured you can get a kerberos
> ticket with your first access (if you're using a physical console you will
> need to 'kinit' instead), and it's all passwordless from there on out. No
> need for anything else.
>

Thanks Art,

These are the relevant parts of the ssh_config file that need to be
either added or turned on:

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

And for the sshd_config I also found that these need to be either
added or turned on as well:

KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

I have a question about the 'KerberosOrLocalPasswd' in the sshd_config
file. Does this mean that if my kerberos server is down that it will
fall back and use local passwords?

So now I believe I have ssh set up to correctly use kerberos and now I
need to figure out the kerberos config files and configure them.

Any help would be greatly appreciated,

Jon

Received on Wed Nov 28 11:08:22 2007
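
Added example (not part of the original message and not OpenSSH code): a small Python check that reads the global section of an sshd_config and reports the effective values of the five keywords listed in the message, using the defaults documented in sshd_config(5). The sample configuration, the function names and the extra PasswordAuthentication keyword are assumptions made for illustration.

```python
# Defaults per sshd_config(5); PasswordAuthentication is an added assumption.
DEFAULTS = {
    "kerberosauthentication": "no",
    "kerberosorlocalpasswd": "yes",
    "kerberosticketcleanup": "yes",
    "gssapiauthentication": "no",
    "gssapicleanupcredentials": "yes",
    "passwordauthentication": "yes",
}

# Constructed sample, not taken from a real host.
SAMPLE = """\
KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPIAuthentication no   # ignored: an earlier line already set it
Match User backup
    GSSAPIAuthentication no
"""

def effective_settings(text):
    """Effective value of each tracked keyword in the global section."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":
            break                           # conditional blocks are not audited here
        if keyword in DEFAULTS and len(parts) > 1 and keyword not in seen:
            seen[keyword] = parts[1].lower()  # sshd keeps the first value it reads
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def findings(cfg):
    """Notes a reviewer would want before relying on the configuration."""
    notes = []
    if cfg["gssapiauthentication"] != "yes":
        notes.append("GSSAPIAuthentication is off: no ticket-based login")
    if all(cfg[k] == "yes" for k in ("passwordauthentication",
            "kerberosauthentication", "kerberosorlocalpasswd")):
        notes.append("KerberosOrLocalPasswd yes: a password that fails Kerberos "
                     "validation is then checked locally (e.g. /etc/passwd)")
    if "yes" != cfg["kerberosticketcleanup"] or "yes" != cfg["gssapicleanupcredentials"]:
        notes.append("credential caches are not destroyed on logout")
    return notes
```

On a live host, `sshd -T` prints the configuration the daemon would actually use, including compiled-in defaults.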
