[7677] in Kerberos
Re: Kerberos 5 Authentication with SGI xdm
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Fri Jul 26 00:52:09 1996
To: schwartz@galapagos.cse.psu.edu (Scott Schwartz)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "25 Jul 1996 22:50:18 EDT."
<8g20hzybh1.fsf@galapagos.cse.psu.edu>
Date: Fri, 26 Jul 1996 00:36:55 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
>kenh@cmf.nrl.navy.mil (Ken Hornstein) writes:
>| We have a number of SGI's here, and eventually we'd like to have
>| everyone who uses these machines login with their Kerberos 5
>| password and get a Kerberos TGT.
>
>Speaking of X11, kerberos authentication still doesn't work in R6. Is
>anyone working on fixing it, now that the X consortium is defunct?
I _did_ look at it not too long ago. It doesn't look like it would be
that hard to fix; most of the work seems to be adding a krb5_context
to all of the Kerberos 5 function calls.
Of course, since we don't have the source code to the dang X server on
the SGI, this isn't available for all users :-(
>And even if it did work, the X session is still unencrypted. On the
>other hand, ssh comes with an X11 proxy that provides an encrypted,
>authenticated X session. Has anyone worked on adapting the ssh
>technique for kerberos?
I didn't know about that; _that_ could be really cool. Too bad there isn't
any hooks in X to do encryption :-(
--Ken
