- MIT Kerberos page
- Status of Kerberos IETF documents
- Official Kerberos FAQ
- How to Kerberise your site
Kerberos downloads
Get Kerberos from
Local information
A local copy of the MIT manuals: Local papers on Kerberos:
Integrating OpenSSH v3 with Kerberos
With a little work, you can build OpenSSH with Kerberos support. This results in being able to use SSH commands to connect systems with the passwords and keys being managed by a centralised Kerberos KDC. This can also be useful if you want secure access to systems running Kerberos from a Windows-based desktop system. Since Kerberos clients for Windows are very hard to find ( and may cost a little ), the best solution is to use SSH Windows clients ( such as puTTY and TeraTerm/SSH ) to connect to Kerberised SSH servers on Unix systems.
- Download and install Kerberos5 v1.2.2
- Get OpenSSH from openssh.org. Current version, at the time of writing, is 3.0.2p1. Note that you also need to download and install the zlib and OpenSSL packages as well.
- Get the OpenSSH krb5 patch from Simon Wilkinson here.
- Unpack the openssh package.
- Apply the patch :
patch <openssh-3.0.2p1-krb5.patch
- Run autoreconf - note that you need a fairly new version of the autoconf package to get this to work. The version of autoconf which comes with RedHat 7.2 is too old to work - download and install a newer version from www.gnu.org
- Run configure :
./configure --with-kerberos5=path_to_kerberos5_src
- Run make, then make install
- Setup the sshd configuration file ( /usr/local/etc/sshd_config ), setup the /etc/init.d/sshd startup and shutdown scripts, and do some testing.