Add Kerberos (password-less) authentication capabilities to Net::SSH, without the need for modifying Net::SSH source code.
This is a great way to help get Capistrano to be accepted in mid-to-large size enterprises with strict security rules.
No more getting locked out of the network because you mis-typed your password - even if your company prohibits public key or host-based authentication. If your organization uses Kerberos (many mid-to-large size corporations do), you can use this package to get password-less authentication without breaking your company’s security guidelines.
Add the following lines to the top of your Capfile (the relevant :auth_method is “gssapi-with-mic”)
require 'net/ssh/kerberos' set :ssh_options, { :auth_methods => %w(gssapi-with-mic publickey hostbased password keyboard-interactive) }
-
UNIX systems use the GSSAPI for Kerberos 5 integration. (tested on RedHat Linux)
-
Windows systems use Microsoft SSPI for Kerberos 5 integration. (tested on Windows XP)
-
Supports enterprise-level Kerberos-based security (tested with Centrify DC)
-
Cross-forest authentication is supported, including mixed environment (tested with Centrify DC in a mixed Windows/Linux environment)
-
Joe Khoobyar github.com/joekhoobyar
-
Joshua Ballanco github.com/jballanc
-
Liu Lantao github.com/Lax
Copyright © 2009-2011 Joe Khoobyar. See LICENSE for details.