From: W. Trevor King Date: Thu, 2 Jun 2011 16:58:39 +0000 (-0400) Subject: Add GSSAPI and host/... notes for Kerberos + SSH. X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=25d741e9d4f088b33936a80455c56253f744e454;p=blog.git Add GSSAPI and host/... notes for Kerberos + SSH. --- diff --git a/posts/Kerberos.mdwn b/posts/Kerberos.mdwn index a19b2b3..5b8afe1 100644 --- a/posts/Kerberos.mdwn +++ b/posts/Kerberos.mdwn @@ -297,7 +297,10 @@ to get Kerberized versions of any packages you have installed ...). For details on using Kerberos with [[SSH]], check out the excellent -description in [the SSH definative guide][ssh]. +description in [the SSH definative guide][ssh]. The key elements are +`host/@REALM` principals for each host (with keyfiles on each +server) and appropriate enabling of the `GSSAPI*` options in +`sshd_config` and `ssh_config`. There's also [suite of Kerberos-aware utilities][apps] in `app-crypt/mit-krb5-appl` (`krcp`, `krlogin`, `krsh`, `ktelnet`, and