Return to README.AFS-KERBEROS CVS log

Up to [local] / src / usr.bin / ssh

i bet a lot of people didn't know what ssh 1.2.16 had a nice license.
well, except for the patent issues.  someone in sweden (forget their
name at the moment) cleaned out most of the patented code, and now
this code removes rsa code.  when this is done, it will link against
libssl, but the work isn't completely done yet.  then we need to bring
this up to modern days, featurewise.

ssh-1.2.26-afs-kerberos.patch-1
AFS, Kerberos v4 support for SSH

Here are the extra flags to configure, and what they do:

--with-krb4[=PATH]	Compile in Kerberos v4 support:
			Kerberos v4 authentication
			Kerberos v4 password authentication
			Kerberos v4 ~/.klogin authorization

These are all enabled by the 'KerberosAuthentication' config option.
Kerberos v4 and Kerberos v5 support are mutually exclusive for now.
PATH default is /usr/kerberos.

--with-hesiod[=PATH]	Compile in support for Hesiod:
			getpwnam(), getpwuid() replacements

--with-afs		Compile in AFS support (requires KTH krb4):
			ticket/token passing
			process authentication groups
			local Xauthority files (for AFS home dirs)
			/ticket TKT_ROOT directory (if it exists)

Binaries built with AFS support will work just fine on non-AFS machines!
You will need to use the KTH krb4 libs (ftp://ftp.pdc.kth.se/pub/krb/src), 
or just their libkafs, also available separately from CMU as libkrbafs 
(http://andrew2.andrew.cmu.edu/dist/krbafs.html).

Additional Kerberos client and server config options (and their defaults):

	 KerberosAuthentication	     	yes
	 KerberosOrLocalPasswd		no
	 KerberosTgtPassing		yes
	 AFSTokenPassing		yes
	 KerberosTicketCleanup		yes

See sshd(8) and ssh(1) for details.

The latest version of this patch can be found at

    http://www.monkey.org/~dugsong/ssh-afs-kerberos.html

dugsong@monkey.org