projects / blog.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add GSSAPI and host/... notes for Kerberos + SSH.
[blog.git] / posts / Kerberos.mdwn
diff --git a/posts/Kerberos.mdwn b/posts/Kerberos.mdwn
index a19b2b3abfa8d10281302182088e3ebd2bc2d9a7..5b8afe195b0acece46c17d0da92152d9c35654bc 100644 (file)
--- a/posts/Kerberos.mdwn
+++ b/posts/Kerberos.mdwn
@@ -297,7 +297,10 @@ to get Kerberized versions of any packages you have installed
 ...).
 
 For details on using Kerberos with [[SSH]], check out the excellent
-description in [the SSH definative guide][ssh].
+description in [the SSH definative guide][ssh].  The key elements are
+`host/<fqdn>@REALM` principals for each host (with keyfiles on each
+server) and appropriate enabling of the `GSSAPI*` options in
+`sshd_config` and `ssh_config`.
 
 There's also [suite of Kerberos-aware utilities][apps] in
 `app-crypt/mit-krb5-appl` (`krcp`, `krlogin`, `krsh`, `ktelnet`, and
"unfolding disasters" ikiwiki blog.