Server:
- Install recent openssh from pkgsrc, make sure kerberos option is set when building.
- Make sure your machine has the appropriate krb5.conf in /usr/pkg/etc (I symlink to /etc/krb5.conf)
- Make sure your machine has a host/machine.name@KERB.REALM keytab in /usr/pkg/etc/krb5.keytab (once again with the symlinking)
- Set these options in /usr/pkg/etc/ssh/sshd_config:
    KerberosAuthentication yes
    KerberosGetAFSToken yes
    GSSAPIAuthentication yes
- Install heimdal from pkgsrc
- Add the following to /usr/pkg/etc/ssh/sshrc:
    /usr/pkg/bin/afslog
Client:
- Install recent openssh from pkgsrc, make sure kerberos option is set when building.
- Make sure your machine has the appropriate krb5.conf in /usr/pkg/etc (I symlink to /etc/krb5.conf)
- Set these options in /usr/pkg/etc/ssh/ssh_config:
    Host *
        PreferredAuthentications hostbased,publickey,gssapi-with-mic,keyboard-interactive,password
        GSSAPIAuthentication yes
        GSSAPIDelegateCredentials yes
- Get addressless, forwardable tickets
- Run the pkgsrc ssh
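
A check for the sshd_config and ssh_config steps above, added here as an example and not part of the original notes: it reads a config file the way OpenSSH does (case-insensitive keywords, first value wins) and reports any of the listed options that are missing or set differently. The function names effective_value and check_options are hypothetical.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the original notes.

# effective_value FILE KEYWORD
# Print the first value set for KEYWORD in the global section or a "Host *"
# block of FILE. OpenSSH keywords are case-insensitive and the first value
# obtained wins; Match blocks and other Host blocks are conditional, so skipped.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); active = 1 }
        /^[ \t]*#/ { next }                      # comment line
        /^[ \t]*$/ { next }                      # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /^[A-Za-z0-9]+/)) next
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)      # accept "Key value" and "Key=value"
            sub(/[ \t]+$/, "", val)
            if (key == "match") { active = 0; next }
            if (key == "host")  { active = (val == "*"); next }
            if (active && key == want) { print val; exit }
        }' "$1"
}

# check_options FILE "Keyword value" ...
# Return 0 only if every keyword has the expected value; report the rest.
check_options() {
    file=$1; shift; rc=0
    for want in "$@"; do
        key=${want%% *}; exp=${want#* }
        got=$(effective_value "$file" "$key" | tr 'A-Z' 'a-z')
        if [ "$got" != "$exp" ]; then
            echo "$file: $key is '${got:-unset}', expected '$exp'"
            rc=1
        fi
    done
    return "$rc"
}

# Usage with the paths and settings from the steps above:
#   check_options /usr/pkg/etc/ssh/sshd_config "KerberosAuthentication yes" \
#       "KerberosGetAFSToken yes" "GSSAPIAuthentication yes"
#   check_options /usr/pkg/etc/ssh/ssh_config \
#       "GSSAPIAuthentication yes" "GSSAPIDelegateCredentials yes"
```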