Subject: Re: Centralized User and Password Management
To: None <netbsd-users@NetBSD.org>
From: Jukka Salmi <email@example.com>
Date: 11/24/2004 21:54:00
Tillman Hodgson --> netbsd-users (2004-11-24 10:41:00 -0600):
> On Wed, Nov 24, 2004 at 05:19:32PM +0100, Jukka Salmi wrote:
> > Yes, sshd (at least on NetBSD 2.0 and -current) seems to be able to
> > authenticate against a kdc (if KerberosAuthentication is set to 'yes').
> Note that KerberosAuthentication is for the the OpenSSH version 1
> protocol, which you probably don't want to use. You'll find that newer
> OpenSSH version suppose GSSAPI options which are the preferred path
Hmm, AFAICT I explicitly disabled protocol version 1:
$ grep ^Proto /etc/ssh/sshd_config
and ssh -v from a client to this host prints:
$ ssh -v user@host
OpenSSH_3.6.1 NetBSD_Secure_Shell-20030917, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.6.1 NetBSD_Secure_Shell-20030917
debug1: match: OpenSSH_3.6.1 NetBSD_Secure_Shell-20030917 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1 NetBSD_Secure_Shell-20030917
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,firstname.lastname@example.org
debug1: Next authentication method: email@example.com
debug1: Authentication succeeded (firstname.lastname@example.org).
...and if I don't have a TGT on the client I'm asked for the Kerberos
password, so this works fine, too.
Am I missing something?
$ ((RANDOM%6)) || rm -rf ~