Use ssh key to acquire TGT?

Ken Hornstein kenh at cmf.nrl.navy.mil
Fri Jun 1 09:33:58 EDT 2007


>One of these days I'm going to request (for HCOOP) crossrealm trusts
>with the top 10 computer science universities in the USA [*] and
>document (a) my success rate, (b) how many emails it took, and (c) how
>many months from first request to working trust entry.  Hopefully a
>published case study like this will get people to stop pretending that
>crossrealm is actually a legitimate general-purpose solution.

I may be an extreme case, but I have 20 cross-realm keys.  But I
understand your point ... considering all of the confusion about
cross-realm authentication and what it means, sometimes it can be very
hard to convince the right person to make it happen.  And I see from my
list of realms I cross-realm with that it's all based on personal
relationships I have with the admins of those realms.  If I wanted to
cross-realm with, say, Stanford (who we don't currently cross-realm
with) I assume I could just call Russ and we'd take care of it in a few
minutes.  Or maybe not :-)  But a cold-call for doing Kerberos cross-realm
would be a bit of a challenge.

One suggestion?  One-way cross-realm (cross-realm into your realm) might
be easier to swing.

--Ken


