[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem with OpenSSH

To: heimdal-discuss@sics.se, "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
Subject: Re: Problem with OpenSSH
From: Antoine MILLET <antoine.millet@staff.epita.fr>
Date: Wed, 01 Aug 2007 18:53:02 +0200
In-Reply-To: <66E4628F-F911-4AE0-B86E-D95EFF9FC0FE@ece.cmu.edu>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <46B0B05E.6000705@staff.epita.fr> <66E4628F-F911-4AE0-B86E-D95EFF9FC0FE@ece.cmu.edu>
Reply-To: heimdal-discuss@sics.se, Antoine MILLET <antoine.millet@staff.epita.fr>
User-Agent: Thunderbird 2.0.0.5 (Windows/20070716)

Brandon S. Allbery KF8NH wrote:
>
> On Aug 1, 2007, at 12:10 , Antoine MILLET wrote:
>
>> *but*
>> OpenSSH don't log users without a keytab containing the host 
>> principal... Without this keytab I can log on the host.
>
> This is correct behavior.  Look up "Zanarotti attack" for details of 
> why this is done.  (Note that this does not apply to console logins, 
> hence kinit and gdm don't require it.)
>
Thanks a lot for this answer.

And any idea about the fact that openssh doesn't forward ticket and 
request password each time I want to log on another computer in our park ?

Thanks in advance.

-- 
Cordialement.

Follow-Ups:
- Re: Problem with OpenSSH
  - From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>

References:
- Problem with OpenSSH
  - From: Antoine MILLET <antoine.millet@staff.epita.fr>
- Re: Problem with OpenSSH
  - From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>

Prev by Date: Re: Problem with OpenSSH
Next by Date: Bug in kinit and afslog
Prev by thread: Re: Problem with OpenSSH
Next by thread: Re: Problem with OpenSSH
Index(es):
- Date
- Thread