From 25d741e9d4f088b33936a80455c56253f744e454 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Thu, 2 Jun 2011 12:58:39 -0400 Subject: [PATCH] Add GSSAPI and host/... notes for Kerberos + SSH. --- posts/Kerberos.mdwn | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/posts/Kerberos.mdwn b/posts/Kerberos.mdwn index a19b2b3..5b8afe1 100644 --- a/posts/Kerberos.mdwn +++ b/posts/Kerberos.mdwn @@ -297,7 +297,10 @@ to get Kerberized versions of any packages you have installed ...). For details on using Kerberos with [[SSH]], check out the excellent -description in [the SSH definative guide][ssh]. +description in [the SSH definative guide][ssh]. The key elements are +`host/@REALM` principals for each host (with keyfiles on each +server) and appropriate enabling of the `GSSAPI*` options in +`sshd_config` and `ssh_config`. There's also [suite of Kerberos-aware utilities][apps] in `app-crypt/mit-krb5-appl` (`krcp`, `krlogin`, `krsh`, `ktelnet`, and -- 2.26.2