[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem with OpenSSH




On Aug 1, 2007, at 12:10 , Antoine MILLET wrote:

> *but*
> OpenSSH don't log users without a keytab containing the host  
> principal... Without this keytab I can log on the host.

This is correct behavior.  Look up "Zanarotti attack" for details of  
why this is done.  (Note that this does not apply to console logins,  
hence kinit and gdm don't require it.)

-- 
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH