Forwarding Kerberos Credentials - SSH
Henry B. Hotz
hotz at jpl.nasa.gov
Fri Jun 20 14:34:53 EDT 2003
At 4:52 AM -0400 6/20/03, kerberos-request at mit.edu wrote:
>Date: Thu, 19 Jun 2003 20:21:18 -0700
>From: Frank Cusack <fcusack at fcusack.com>
>To: kerberos at MIT.EDU
>Subject: Re: Forwarding Kerberos Credentials - SSH
> > Secondly I think the term "forwarding" doesn't apply to the scenarios
>> I'm reading about here. If you log in to sshd with your Kerberos
>> password, the remote credentials acquired in the process are actually
>> local in this sense - they reside on the host that acquired them, as
>
>Right. That's not what the poster wants. That's not kerberos
>authentication, that's password authentication.
>
>> sshd did that. When used to authenticate to some service from there,
>> that's just simple basic Kerberos authentication, no forwarding needed.
>
>The original poster wants to login LOCALLY with krb5, ssh to a remote
>machine with KERBEROS authentication; the forwarding is needed so that
>on the remote machine he can subsequently obtain tickets for xyz service
>(say, afs).
>
>/fc
"Me Too" (TM)
So, is that possible?
Ideally, is it possible in an application that only talks generic
SSL, so that it could in turn call a module that made use of the tgt?
(The thread is sshd, but I'm thinking maybe
Apache/{PHP,Perl}/{Postgres,AFS}.)
--
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the Kerberos
mailing list