There's always time to play

Wednesday, June 16, 2010

Kerberos SSH logins on Mac OS X

As a testing step of our Kerberos / Mac OS X integration I was testing SSH using a Kerberos ticket. At first it didn't seem to work. However, SSH can easily provide some more detailed debugging information, which I could compare with debugging information from a Linux machine which would successfully login with a Kerberos ticket. Turned out GSSAPI authentication is disabled by default for SSH on Mac OS X, you can enable it by editing /etc/ssh_config:
Host *
GSSAPIAuthentication yes

or by passing the option to SSH on every connection:
$ ssh -o GSSAPIAuthentication=yes <host>

No comments: