[29921] in Kerberos
Re: ssh publickey auth w/ kerb
daemon@ATHENA.MIT.EDU (Tom Yu)
Mon Jun 2 14:56:58 2008
To: "Whitehead, Brian" <bwhitehead@ti.com>
From: Tom Yu <tlyu@MIT.EDU>
Date: Mon, 02 Jun 2008 14:55:07 -0400
In-Reply-To: <74DB28182CB793438AC65D689C58BBF801597514@dlee10.ent.ti.com>
(Brian Whitehead's message of "Mon, 2 Jun 2008 11:40:14 -0500")
Message-ID: <ldv4p8br7jo.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: kerberos@MIT.EDU, "Douglas E. Engert" <deengert@anl.gov>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@MIT.EDU
"Whitehead, Brian" <bwhitehead@ti.com> writes:
> I'm thinking of the server being ssh'd to ask a kerberos client, because
> it is authenticating the user against the AD server using kerberos.
Are you considering the ssh server to be a Kerberos client? While
that may be a valid interpretation, please be aware that in the
context of a Kerberos-authenticated ssh connection, the usual
terminology refers to the ssh server as the application server, and to
the ssh client as be both the application client and the Kerberos
client. To better distinguish between the Kerberos server and the
application server, we usually call the Kerberos server itself the KDC
(Key Distribution Center).
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
