[32369] in Kerberos
Re: using a ssh key for krb5 mount
daemon@ATHENA.MIT.EDU (mark)
Tue May 18 15:34:40 2010
Message-ID: <4BF2EBC1.8040302@mproehl.net>
Date: Tue, 18 May 2010 21:34:25 +0200
From: mark <mark@mproehl.net>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <1274110451.2419.195.camel@ray>
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 05/17/2010 05:34 PM, Greg Hudson wrote:
>
> There is actually a mechanism to allow that kind of authentication
> protocol transfer, if the server is trusted. It originated with
> Microsoft and is alternately called S4U2Proxy or Constrained Delegation.
> However, using it in sshd would require additional code, and getting the
> SSH people to accept additional Kerberos code is basically impossible.
>
Hi,
wouldn't it be possible to implement s4u in a pam module? There
shouldn't be any need for additional code in OpenSSH
Regards,
Mark Pröhl
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
