Network Security: Detailed info on Re: Kerberos 5 authentication without password?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Secure-Shell

[Top] [All Lists]

Re: Kerberos 5 authentication without password?

from [Jeff Blaine] Network Security

[Permanent Link]

Subject:	Re: Kerberos 5 authentication without password?
Date:	Wed, 24 May 2006 10:41:05 -0400

Darren Tucker wrote:

Jeff Blaine wrote:
First a question whose answer may negate the rest of the
message:
Q: Is it possible to configure OpenSSH to allow a user
   coming from host X, with a valid TGT there, to login
   without being asked for a password... without using
   SSH's public key crypto for that password-less auth?
[...]
    GSSAPIAuthentication yes
    GSSAPIKeyExchange yes
    GSSAPICleanupCredentials yes
Have you enabled GSSAPIAuthentication (and maybe GSSAPIDelegateCredentals and PreferredAuthentications) in the client? The former two default to "no" and the latter's default does not have "gssapi-with-mic".


Thanks, Darren.  Do you know if there is any reason why
ssh_config does not list (commented out) all of the
defaults in order to give the installer a list of
toggleable items?  (like sshd_config already has,
extensively)

That solved the problem though.

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Kerberos 5 authentication without password?, Jeff Blaine Re: Kerberos 5 authentication without password?, Darren Tucker Re: Kerberos 5 authentication without password?, Jeff Blaine <= Re: Kerberos 5 authentication without password?, Darren Tucker Re: Kerberos 5 authentication without password?, Bulgaria Online - Assen Totin

Previous by Date:	Re: Kerberos 5 authentication without password?, Darren Tucker
Next by Date:	Re: Two-hops SSH tunnelling, Giancarlo Razzolini
Previous by Thread:	Re: Kerberos 5 authentication without password?, Darren Tucker
Next by Thread:	Re: Kerberos 5 authentication without password?, Darren Tucker
Indexes:	[Date] [Thread] [Top] [All Lists]