sftp/Kerberos [was: Re: Optional editline dependencies]

Alexander E. Patrakov patrakov at ums.usu.ru
Wed Aug 1 08:43:47 PDT 2007


Randy McMurchy wrote:
> I struggle with the example shown above (probably my ignorance
> of sftp though).
>
> If sftp does not use the Kerberos libraries, then how does it
> know where the user's home directory is on the remote machine
> to find the appropriate SSH information in a Kerberos
> installation where /etc/passwd is not used?

AFAIK (I have never set up a Kerberos-based installation, but listened 
to a friend that demonstrated how to do it) /etc/passwd is still used in 
a Kerberos-based setup, and contains something like "*K*" in the 
password field. Only /etc/shadow is not used. And, both sftp and ssh 
link to libgssapi_krb5.so.2 :)

> (I'm asking this question fully realizing that in a Kerberos
> installation, you probably wouldn't be using SSH anyway, as you
> would probably be using the Kerberos tools instead.)

Kerberos adds a secure single-sign-on authentication mechanism, but not 
channel encryption. So it makes perfect sense to use SSH. The benefit is 
that you don't have to type your password or distribute the public key 
yourself.

-- 
Alexander E. Patrakov


