[Contents] [Index]

About This Document>>     Introduction to SSH Secure Shell >>     Configuring SSH Secure Shell >>     Authentication >>         Server Authentication>>         User Authentication>>             Password Authentication             Public-Key Authentication             Host-Based Authentication             Certificate Authentication             Kerberos Authentication             Pluggable Authentication Module (PAM)             SecurID         Keyboard-Interactive Authentication >>     Log Messages >>     Using SSH Secure Shell >>     Tool Syntax>>     Technical Specifications >>

Kerberos Authentication

When Kerberos support is enabled, it is possible to authenticate using Kerberos credentials, forwardable TGT (ticket granting ticket) and passing TGT to remote host for single sign-on. It is also possible to use Kerberos password authentication. Please note that SSH Secure Shell only supports Kerberos5.

To enable Kerberos support, perform the following tasks:

1. Compile the source:

   ./configure --with-kerberos5
   make
   make install 
   

2. Make sure that you have the following line in your /etc/ssh2/sshd2_config file:

   AllowedAuthentications kerberos-1@ssh.com,kerberos-tgt-1@ssh.com
   

   Other authentication methods can be listed in the configuration file as well.
3. Also, make sure that you have the following line in your /etc/ssh2/ssh2_config file (for SSH Secure Shell versions 2.3 and 2.4):

   AllowedAuthentications kerberos-1@ssh.com,kerberos-tgt-1@ssh.com
   

If you are using SSH Secure Shell version 3.0 or later, make sure that you use the new versions of kerberos authentication methods:

AllowedAuthentications kerberos-2@ssh.com,kerberos-tgt-2@ssh.com

Note: SSH Communications Security does not provide technical support on how to configure Kerberos. Our support only covers SSH Secure Shell applications and source code.