Subject: Re: Centralized User and Password Management
To: None <>
From: Jukka Salmi <>
List: netbsd-users
Date: 11/24/2004 21:54:00
Tillman Hodgson --> netbsd-users (2004-11-24 10:41:00 -0600):
> On Wed, Nov 24, 2004 at 05:19:32PM +0100, Jukka Salmi wrote:
> > Yes, sshd (at least on NetBSD 2.0 and -current) seems to be able to
> > authenticate against a kdc (if KerberosAuthentication is set to 'yes').
> Note that KerberosAuthentication is for the the OpenSSH version 1
> protocol, which you probably don't want to use. You'll find that newer
> OpenSSH version suppose GSSAPI options which are the preferred path
> forward.

Hmm, AFAICT I explicitly disabled protocol version 1:

$ grep ^Proto /etc/ssh/sshd_config                                             
Protocol 2

and ssh -v from a client to this host prints:

$ ssh -v user@host
OpenSSH_3.6.1 NetBSD_Secure_Shell-20030917, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.6.1 NetBSD_Secure_Shell-20030917
debug1: match: OpenSSH_3.6.1 NetBSD_Secure_Shell-20030917 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1 NetBSD_Secure_Shell-20030917
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,
debug1: Next authentication method:
debug1: Authentication succeeded (

...and if I don't have a TGT on the client I'm asked for the Kerberos
password, so this works fine, too.

Am I missing something?

Regards, Jukka

bashian roulette:
$ ((RANDOM%6)) || rm -rf ~