[OmniOS-discuss] A small gotcha with switching the ssh & openssh packages in OmniOS

Paul B. Henson henson at acm.org
Thu Nov 19 20:45:19 UTC 2015


> From: Dan McDonald
> Sent: Thursday, November 19, 2015 6:16 AM
> 
> This is going to sound silly, but do you have:
> 
> 	UsePAM yes
> 
> in /etc/ssh/sshd_config ?
> 
> I have reports that "fixes krb5 for me at least" from one of our community
> members.

Using PAM allows openssh to do username/password-based authentication
against a Kerberos realm, but it does not allow actual Kerberos
authentication (i.e., ticket based, without passwords). If that's all you
need, there is no requirement for actual Kerberos/GSSAPI support in openssh
itself, but if you want to do real Kerberos (ticket based authentication,
TGT forwarding, etc.), you still need it.
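
The distinction drawn in this message, as an added example that is not part of the original post: a shell function that reads an sshd_config and reports whether it enables only PAM (passwords checked against the realm) or GSSAPI (ticket-based) authentication. It assumes upstream OpenSSH semantics; the names `krb_mode` and `krb_mode_demo` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions (upstream OpenSSH): keywords are case-insensitive, the first
# value seen for a keyword wins, "Key=value" is accepted, and UsePAM and
# GSSAPIAuthentication both default to "no". Parsing stops at the first
# Match block, so only global settings are classified.
#
# "password-via-pam" only means PAM is enabled; whether a Kerberos PAM
# module is in the stack is outside sshd_config. "ticket" only means the
# option is set; sshd must also be built with Kerberos/GSSAPI support.
krb_mode() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blanks
        { sub(/[ \t]*=[ \t]*/, " ")             # normalise Key=value
          key = tolower($1); val = tolower($2) }
        key == "match" { exit }                 # globals end here
        key == "usepam" && pam == "" { pam = val }
        key == "gssapiauthentication" && gss == "" { gss = val }
        END {
            if (gss == "yes" && pam == "yes") print "ticket+password-via-pam"
            else if (gss == "yes")            print "ticket"
            else if (pam == "yes")            print "password-via-pam"
            else                              print "none"
        }
    ' "$1"
}

# Run krb_mode on a constructed sample config (not a real system's file).
krb_mode_demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# constructed sample sshd_config
UsePAM yes
#GSSAPIAuthentication yes
PasswordAuthentication yes
EOF
    krb_mode "$sample"
    rm -f "$sample"
}

krb_mode_demo
```
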


