[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heimdal and r* client programs

To: Tillman Hodgson <tillman@seekingfire.com>
Subject: Re: Heimdal and r* client programs
From: Simon Wilkinson <sxw@dcs.ed.ac.uk>
Date: Fri, 16 Aug 2002 20:37:14 +0100 (BST)
cc: heimdal-discuss@sics.se
In-Reply-To: <20020816120229.A21200@seekingfire.com>
Sender: owner-heimdal-discuss@sics.se


> 1. Ran a k5destory and a k5list to confirm that I did not have a ticket
>
> 2. Ran '/usr/local/bin/ssh -2 -p 8022 localhost' ... oddly, I got a
>    password prompt that only took my system (rather than Kerberos)
>    password
>
> 3. Ran k5list to see if I had a ticket created - I didn't

This list probably isn't the appropriate place to get into an in depth
discussion, but I just felt I should correct a really common
misunderstanding:

The GSSAPI patches _only_ deal with authentication via already gained
tickets, and forwarding tickets to the remote machine.

Authentication via password is handled by the stock OpenSSH code. We use
PAM to handle password checking against the KDC, but there is code in
OpenSSH that can also do this. I'd suggest asking on one of the openssh
lists for more details.

Cheers,

Simon.

Follow-Ups:
- Re: Heimdal and r* client programs
  - From: Tillman Hodgson <tillman@seekingfire.com>

References:
- Re: Heimdal and r* client programs
  - From: Tillman Hodgson <tillman@seekingfire.com>

Prev by Date: Re: Heimdal and r* client programs
Next by Date: Re: Heimdal and r* client programs
Prev by thread: Re: Heimdal and r* client programs
Next by thread: Re: Heimdal and r* client programs
Index(es):
- Date
- Thread