Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server (M) >>
    Using SSH Tectia Server (M) >>
    Troubleshooting SSH Tectia Server (M) >>
    Configuration >>
    Authentication >>
        Server Authentication with Public Keys >>
        Server Authentication with Certificates >>
        User Authentication with Passwords
        User Authentication with Public Keys >>
        User Authentication with Certificates >>
        Host-Based User Authentication >>
        User Authentication with Keyboard-Interactive >>
        User Authentication with GSSAPI
            Client and Server Configuration
    Application Tunneling >>
    Sample Files >>
    Man Pages
    Log Messages >>

Client and Server Configuration

Both the client and the server use a similar configuration data format.

The name of the GSSAPI method is gssapi. It can be specified with the AllowedAuthentications keyword in ssh2_config and sshd2_config configuration files.

There is a GSSAPI-related keyword GSSAPI.AllowedMethods which specifies the actual mechanisms that are to be used through GSSAPI. Only the Kerberos mechanism is supported on Unix.

For the Kerberos authentication to function through GSSAPI, both the client and server will need to be configured to use Kerberos.

If GSSAPI.AllowOldMethodWhichIsInsecure is selected, GSSAPI authentication will drop back to the old GSSAPI method (without Message Integrity Code) if the new GSSAPI method (gssapi-with-mic) fails. As the GSSAPI with MIC method is not yet widely supported, GSSAPI.AllowOldMethodWhichIsInsecure is selected by default.

GSSAPI.Dlls specifies where the necessary GSSAPI libraries are located. If this option is not specified, the libraries will be searched for in a number of common locations. This configuration option takes a comma-separated list as an argument. The full path to the libraries should be given.

The following is a sample GSSAPI configuration from the ssh2_config configuration file:

AllowedAuthentications   gssapi,password
GSSAPI.AllowedMethods    kerberos

Note: SSH Communications Security does not provide technical support on how to configure Kerberos. Our support only covers SSH Tectia applications.

PreviousNextUp[Contents] [Index]

[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2005 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more