net-ssh-kerberos

Add Kerberos (password-less) authentication capabilities to Net::SSH, without the need for modifying Net::SSH source code.

This is a great way to help get Capistrano to be accepted in mid-to-large size enterprises with strict security rules.

No more getting locked out of the network because you mis-typed your password - even if your company prohibits public key or host-based authentication. If your organization uses Kerberos (many mid-to-large size corporations do), you can use this package to get password-less authentication without breaking your company’s security guidelines.

How to use with Capistrano

Add the following lines to the top of your Capfile (the relevant :auth_method is “gssapi-with-mic”)

require 'net/ssh/kerberos'
set :ssh_options, { :auth_methods => %w(gssapi-with-mic publickey hostbased password keyboard-interactive) }

Supported Platforms

  • UNIX systems use the GSSAPI for Kerberos 5 integration. (tested on RedHat Linux)

  • Windows systems use Microsoft SSPI for Kerberos 5 integration. (tested on Windows XP)

  • Supports enterprise-level Kerberos-based security (tested with Centrify DC)

  • Cross-forest authentication is supported, including mixed environment (tested with Centrify DC in a mixed Windows/Linux environment)

Contributors

Copyright © 2009-2011 Joe Khoobyar. See LICENSE for details.