[29922] in Kerberos
RE: ssh publickey auth w/ kerb
daemon@ATHENA.MIT.EDU (Whitehead, Brian)
Mon Jun 2 15:18:44 2008
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 2 Jun 2008 14:05:30 -0500
Message-ID: <74DB28182CB793438AC65D689C58BBF8015975F3@dlee10.ent.ti.com>
In-Reply-To: <ldv4p8br7jo.fsf@cathode-dark-space.mit.edu>
From: "Whitehead, Brian" <bwhitehead@ti.com>
To: "Tom Yu" <tlyu@MIT.EDU>
Cc: kerberos@MIT.EDU, "Douglas E. Engert" <deengert@anl.gov>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@MIT.EDU
Thank you for the clarification.
Brian
> -----Original Message-----
> From: Tom Yu [mailto:tlyu@MIT.EDU]
> Sent: Monday, June 02, 2008 1:55 PM
> To: Whitehead, Brian
> Cc: Douglas E. Engert; kerberos@MIT.EDU
> Subject: Re: ssh publickey auth w/ kerb
>
> "Whitehead, Brian" <bwhitehead@ti.com> writes:
>
> > I'm thinking of the server being ssh'd to ask a kerberos client,
> > because it is authenticating the user against the AD server
> using kerberos.
>
> Are you considering the ssh server to be a Kerberos client?
> While that may be a valid interpretation, please be aware
> that in the context of a Kerberos-authenticated ssh
> connection, the usual terminology refers to the ssh server as
> the application server, and to the ssh client as be both the
> application client and the Kerberos client. To better
> distinguish between the Kerberos server and the application
> server, we usually call the Kerberos server itself the KDC
> (Key Distribution Center).
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
