Subject: Re: SSH and Kerberos
To: None <>
From: Daniel Cox <>
List: tech-security
Date: 10/04/2002 23:04:42
Turning Priv Sep off fixes the problem.
I now have Kerberos V working correctly with SSH V1

>>> Roland Dowdeswell <> 10/04/02 21:39 PM >>>

On 1033710694 seconds since the Beginning of the UNIX epoch
"Daniel Cox" wrote:

>NetBSD 1.6 also works properly as a workstation, ie. I
>can run kinit and then ssh to other hosts without having to
>enter a password.
>BUT I cant connect to the NetBSD host with ssh from other
>hosts - ssh did not have kerberos support compiled in for 1.5.2,
>I thought I would try again with 1.6.

OpenSSH recently couldn't do krb5 auth while PriviledgeSeparation
was turned on, so you could try turning the Priv Sep off for a
while and see if that is the issue.  This has recently been recitified
in OpenSSH, but I don't think that it quite made it into 1.6.

    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/