Snow Leopard SSH daemon and kerberos logins

[yemi]

Apple have bundled a more recent version of sshd (5.2p1) with Snow Leopard. Apple support actually sent me message claiming that the Kerberos credentials cache issue in 10.5 is now fixed in 10.6 but I’ll believe it when I see it. What’s interesting is that the sshd pam stack (/etc/pam.d/sshd) now includes pam_krb5 . Has anyone successfully logged into a Snow Leopard system via ssh using kerberos authentication? I haven’t got it working yet…….

——-
Yemi

[Macleod]

Were you not able to do so in 10.5? I had AD Kerb ssh logins to my 10.5x server working…

[yemi]

[QUOTE][u]Quote by: Macleod[/u][p]Were you not able to do so in 10.5? I had AD Kerb ssh logins to my 10.5x server working…[/p][/QUOTE]

I had kerberos ssh logins to 10.5.x servers working *but* the ssh daemon did not cache the forwarded Kerberos TGT. Basically, Kerberos ssh logins worked but there was no sign of the kerberos ticket in the remote server session. Typically, the KRB5CCNAME environment variable is set and you can view the ticket via ‘klist’.

——
Yemi

[yemi]

Quick update on my 10.6 server experience:

Although I am currently unable to perform Kerberos ssh logins using passwords (as documented in the pam_krb5 man page), I can login by passing a valid ticket using GSSAPIAuthentication.

——-
Yemi

[Author]

Posts