I've built an openssh for OSX that has Kerberos5/GSSAPI enabled for use here @umbc, or logging into UMBC systems with kerberos pre-authentication. It's a tar file, meant to unpack in your Tiger system's root directory -- the ssh stuff will go in /usr/local, and a krb5.conf gets put in /etc.
It's here: openssh-4.1-osx-krb.tar.gz.
After you install it, you should be able to kinit on your mac, and ssh into core-managed systems that have had kerb. host keys assigned to them.
(remember to make sure you're running the /usr/local/bin/ssh, not Apple's ssh. I usually move theirs aside and symlink to the one in /usr/local...)
it was built with ./configure --with-kerberos5. It's not rocket science, you could even do it yourself. The krb5.conf was just copied from any of our central systems.
In actuality, you don't really need it, but it makes life easier. If you don't
want to put the krb5.conf there, you need to run 'kinit' with some options:
% kinit -f user@UMBC.EDU
The -f tells it to get "forwardable" tickets, and specifying the full
kerberos principal & realm allows the kerberos libraries to check the DNS
service records for the location of the realm's servers. Neat, eh?
Comments (3)
How about a version for Panther?
Posted by mark lasuk | March 29, 2006 2:26 PM
Posted on March 29, 2006 14:26
As you can see from the entry, building it for whatever OS verison you're running is trivial.
Posted by Robert Banz | March 31, 2006 1:17 PM
Posted on March 31, 2006 13:17
eblvys idkpzr juidzqn lkwzcan lzxivypr hruxtwf uctxhq
Posted by mutco ubafskgoj | August 29, 2007 3:58 AM
Posted on August 29, 2007 03:58