Network Security: Detailed info on Re: openssh with cross-realm kerberos (heimdal) authentication

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Secure-Shell

[Top] [All Lists]

Re: openssh with cross-realm kerberos (heimdal) authentication

from [Simon Wilkinson] Network Security

[Permanent Link]

Subject:	Re: openssh with cross-realm kerberos (heimdal) authentication
Date:	Mon, 29 May 2006 23:41:32 +0100

Steven Van Acker wrote:

I'm trying to get cross-realm authentication to work between A.COM and
B.NET for openssh.
the KDC from A.COM has a principal user@A.COM.
the KDC from B.NET has the principal host/sshserver@B.NET
There's also a principal krbtgt/B.NET@A.COM on both KDC's.


Is user@A.COM authorized to access <user>'s account on the ssh server?
If the server's default realm is B.NET, the standard configuration will
only allow user@B.NET to access that account.

You need to investigate the documentation for ~/.k5login, or whatever
other mechanisms your Kerberos library provides for authorizing
cross-realm principals.

Simon.

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
openssh with cross-realm kerberos (heimdal) authentication, Steven Van Acker Re: openssh with cross-realm kerberos (heimdal) authentication, Simon Wilkinson <= Re: openssh with cross-realm kerberos (heimdal) authentication, Steven Van Acker

Previous by Date:	openssh with cross-realm kerberos (heimdal) authentication, Steven Van Acker
Next by Date:	Re: openssh with cross-realm kerberos (heimdal) authentication, Steven Van Acker
Previous by Thread:	openssh with cross-realm kerberos (heimdal) authentication, Steven Van Acker
Next by Thread:	Re: openssh with cross-realm kerberos (heimdal) authentication, Steven Van Acker
Indexes:	[Date] [Thread] [Top] [All Lists]