[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heimdal and r* client programs

On Wed, Aug 14, 2002 at 10:33:05AM -0500, Douglas E. Engert wrote:
> Tillman Hodgson wrote:
> > Does the TGT-upon-login work with version 1 of the ssh protocol? I've
> > been playing with the GSSAPI version 2 stuff, and I'd like to compare it
> > to the version 1 stuff.
> If you are interested in the the GSSAPI for version 1, I do have mods to Simon's
> mods. The SecureCRT product has a GSSAPI capability with  version 1, which we have been
> using for years. We intend to drop these when the GSSAPI for version 2 is implemented. 
> If you are interested, drop me a note, and what version of OpenSSH you have.

I'm more interested in the built-in supports for kerberos v5 in the ssh
version 1 protocol. I'm trying to move away from hand-rolled ssh
packages to ease maintainence issues :-)

If I could have an ssh login to a perimeter server also request and
store the TGT, then I can log in once to the network from the outside
(in a secure fashion via ssh) and have single sign-on from there on.
Eliminating the need for users to do a k5init would be great. Is that
possible with a generic openssh 3.4p1, perhaps using the version 1

Thanks muchly,

- Tillman

"Everything you are against weakens you. Everything you are for
empowers you."
	- Wayne Dyer (American Psychotherapist & Author)