Use ssh key to acquire TGT?
Christopher D. Clausen
cclausen at acm.org
Fri Jun 1 14:03:56 EDT 2007
Adam Megacz <megacz at hcoop.net> wrote:
> John Hascall <john at iastate.edu> writes:
>> How many of the top-10 use Kerberos?
>> And what exactly is the top-10 (which list?)(
>> For the sale of argument lets say they are:
>
> Well, based on AFS usage (which requires Kerberos right now), all of
> the schools on your list except UT Austin must have a KDC running.
UIUC has AFS? Is there some other UIUC that I don't know about?
(There is a UIUC.EDU realm, but its certainly not used for AFS in any
official UIUC supported capacity. Its mostly for web-based
authentication using bluestem:
https://www-s.uiuc.edu/bluestem/notes/overview.html )
>> Plus, would you need to get all 10?
>
> How many of the ten I get would be the most useful statistic.
I'll note that as a unit within the UIUC campus I have been unable to
get a trust either inbound or outbound from the UIUC.EDU realm.
>> But, your point is well taken. Perhaps
>> what would be more useful is if somebody
>> like educase served as a central crossrealm
>> hub (everyone exchanges keys with them and
>> gets a current capaths file).
>
> Based on my experience with university administrations, this is even
> less politically feasible. :)
You might want to look at this:
http://www.incommonfederation.org/
It appears to be mostly for web-based SSO, but it might be possible to
use x.509 or Kerberos in some way as well.
<<CDC
More information about the Kerberos
mailing list