net-ssh-kerberos¶ ↑

Add Kerberos (password-less) authentication capabilities to Net::SSH, without the need for modifying Net::SSH source code.

This is a great way to help get Capistrano to be accepted in mid-to-large size enterprises with strict security rules.

No more getting locked out of the network because you mis-typed your password - even if your company prohibits public key or host-based authentication. If your organization uses Kerberos (many mid-to-large size corporations do), you can use this package to get password-less authentication without breaking your company’s security guidelines.

How to use with Capistrano¶ ↑

Add the following lines to the top of your Capfile (the relevant :auth_method is “gssapi-with-mic”)

require 'net/ssh/kerberos'
set :ssh_options, { :auth_methods => %w(gssapi-with-mic publickey hostbased password keyboard-interactive) }

Supported Platforms¶ ↑

• UNIX systems use the GSSAPI for Kerberos 5 integration. (tested on RedHat Linux)

• Windows systems use Microsoft SSPI for Kerberos 5 integration. (tested on Windows XP)

• Supports enterprise-level Kerberos-based security (tested with Centrify DC)

• Cross-forest authentication is supported, including mixed environment (tested with Centrify DC in a mixed Windows/Linux environment)

Copyright¶ ↑

Copyright © 2009 Joe Khoobyar. See LICENSE for details.