Two flavours of the SSH protocol exist, which support Kerberos differently:
* SSH1: ancient and theoretically less secure, it had nevertheless direct support for Kerberos4, Kerberos5 and AFS. Typically, SSH programs nowadays needs to be specifically patched/recompiled to understand Kerberos4 and AFS.
* SSH2: the modern successor that does not "speak" Kerberos directly, but uses an intermediate mechanism called GSSAPI ("Generic Security Services API", which itself uses Kerberos5). It is blissfully unaware of AFS, but widely available.
@@ -478,6 +479,7 @@ Once initial keytab has been created (and is still valid) it can be regenerated
(existing keytab will be used for authentication).
Additional service principal names (for example used for implementing http server kerberos authentication) / keys can be obtained also using msktutil: