[24016] in Kerberos
TGT forwarding when cross-realm auth?
daemon@ATHENA.MIT.EDU (vadim)
Sat Jun 4 03:45:23 2005
From: vadim <vadim.tarassov@swissonline.ch>
To: kerberos@mit.edu
Content-Type: text/plain
Date: Sat, 04 Jun 2005 09:46:42 +0200
Message-Id: <1117871202.13377.19.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hallo everybody,
First time in my life I managed to establish trust between two realms,
realm A and realm B. Trust is one-way, where B trusts A.
Now when I do ssh from unix box from realm A to unix box in realm B, my
TGT from realm A gets forwarded to box in realm B. My principal remains
me@A.
This is however not the functionality I am looking for. Instead of
forwarding krbtgt/A@A, I would like to get krbtgt/B@B in my credential
cache on unix box in realm B once ssh'ed in it from unix box in realm A.
And I would my principal to become me@B instead of me@A.
Reason one I am looking for such functionality is
1) we (realm A) do not trust realm B and do not want credentials from
realm A to be saved on that filesystem.
2) we however still want users to login from A to B without entering
passwords.
Could you please tell me how I could get such functionality?
thanx a lot and best regards, vadim tarassov.
--
vadim <vadim.tarassov@swissonline.ch>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
