[16784] in Kerberos_V5_Development
ANNOUNCE: Hurdo-0.1.1 - Kerberos credential authenticated sudo.
daemon@ATHENA.MIT.EDU (g.w@hurderos.org)
Fri Apr 29 03:19:09 2011
Message-Id: <201104290718.p3T7IuSq021288@wind.enjellic.com>
From: g.w@hurderos.org
Date: Fri, 29 Apr 2011 02:18:56 -0500
To: kerberos@mit.edu, krbdev@mit.edu
Reply-To: g.w@hurderos.org
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Good morning, hope the day is starting out well for everyone.
I'd like to announce the availability of a minor upgrade to the Hurdo
package. The update is available at the following URL:
ftp://ftp.hurderos.org/pub/Hurdo/Hurdo-0.1.1.tar.gz
Hurdo implements a framework for OpenSSH to support interactive
Kerberos credential export to a remote host. The package also
includes a patch to sudo which allows the exported credentials to be
used to authenticate a privilege escalation request.
In combination these patches allow sudo to be used 'safely' in a
Kerberos environment. Standard Kerberos support for sudo either
natively or through the use of PAM requires a Kerberos password to be
entered into a remote host which carries with it a system wide
security threat if the remote host is compromised.
This update features the following changes:
0.1.0 -> 0.1.1
* Update sudo patch to sudo-1.7.6.
* Added patch for SSH against openssh-5.6p1 patched with most
recent version of key exchange patch (201101).
* No functionality changes.
Best wishes for a pleasant weekend.
As always,
Greg Wettstein
------------------------------------------------------------------------------
The Hurderos Project
"The greatest pleasure in life is doing what other people say you cannot do."
-- W. Bagehot
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
