Use ssh key to acquire TGT?
John Hascall
john at iastate.edu
Fri Jun 1 07:59:04 EDT 2007
> One of these days I'm going to request (for HCOOP) crossrealm trusts
> with the top 10 computer science universities in the USA [*] and
> document (a) my success rate, (b) how many emails it took, and (c) how
> many months from first request to working trust entry. Hopefully a
> published case study like this will get people to stop pretending that
> crossrealm is actually a legitimate general-purpose solution.
How many of the top-10 use Kerberos?
And what exactly is the top-10 (which list?)(
For the sale of argument lets say they are:
mit Yes (duh :)
stanford Yes
cmu Yes
u-mich Yes
u-wash I dunno
uw-madison I dunno
uc-berkeley I dunno
cornell I dunno
ut-austin I dunno
uiuc I dunno
Plus, would you need to get all 10?
(that is do capaths work well enough
that the question is not how soon<1> can
meet in person, with those 10 admins, but how soon
can you auth to all ten transitively)
<1> How often you go to conferences where
such people are likely to be is probably
the driving factor here.
But, your point is well taken. Perhaps
what would be more useful is if somebody
like educase served as a central crossrealm
hub (everyone exchanges keys with them and
gets a current capaths file).
John
More information about the Kerberos
mailing list