[1198] in athena10
Re: can a cluster machine be made ssh'able in?
daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Feb 20 14:56:38 2009
From: Sam Hartman <hartmans@MIT.EDU>
To: Greg Hudson <ghudson@mit.edu>
Cc: Alex T Prengel <alexp@mit.edu>, athena10@mit.edu
Date: Fri, 20 Feb 2009 14:56:24 -0500
In-Reply-To: <1235072276.7373.35.camel@ray> (Greg Hudson's message of "Thu, 19
Feb 2009 14:37:56 -0500")
Message-ID: <tsl1vtsg9w7.fsf@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
I would not recommend documenting this and distributing to external
parties. Providing remote access to machines without keytabs
complicates an already complicated security model. I can go through
the cases with anyone who s interested, but particularly because we
use pam_krb5 for su and sudo there are a lot of cases where this
definitely is not the functionality you want.
--Sam
