Use ssh key to acquire TGT?
Adam Megacz
megacz at hcoop.net
Sat Jun 2 14:03:09 EDT 2007
Jeffrey Altman <jaltman at secure-endpoints.com> writes:
>> Hrm, last I checked there was no RFC, just an internet-draft.
> RFC 4456
> http://www.ietf.org/rfc/rfc4556.txt
Wow, sweet. What is the implementation status in current KDCs (MIT
and Heimdal)?
Currently my thinking is to patch pam_krb5 and add a flag that causes
it to use $SSH_AUTH_SOCK to contact the user's ssh-agent, and get the
agent to sign the PKINIT protocol requests. This way the pam stack:
    pam_ssh_agent
    pam_krb5
    pam_afs_session
should do everything automatically.
- a
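
An added sketch, not part of the original post and not pam_krb5 code, of the ssh-agent half of the idea above: framing a sign request for the agent listening at $SSH_AUTH_SOCK and validating its reply. All function names are hypothetical, and how the returned SSH-format signature would be carried in a PKINIT request is outside the example.

```python
import os, socket, struct

# Message numbers from the ssh-agent protocol.
SSH_AGENT_FAILURE = 5
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14
MAX_REPLY = 256 * 1024  # assumed sanity cap on the reply size

def ssh_string(b):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def build_sign_request(key_blob, data, flags=0):
    """Frame: uint32 length, type byte, key blob, data to sign, flags."""
    body = (bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob)
            + ssh_string(data) + struct.pack(">I", flags))
    return struct.pack(">I", len(body)) + body

def read_string(buf, off):
    """Bounds-checked read of one SSH string; returns (value, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("string overruns buffer")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_sign_response(body):
    """body is the agent reply without its 4-byte length prefix."""
    if body[:1] == bytes([SSH_AGENT_FAILURE]):
        raise PermissionError("agent refused to sign")
    if body[:1] != bytes([SSH_AGENT_SIGN_RESPONSE]):
        raise ValueError("unexpected reply type")
    sig, end = read_string(body, 1)
    alg, off = read_string(sig, 0)      # signature algorithm name
    raw, off = read_string(sig, off)    # raw signature bytes
    if end != len(body) or off != len(sig):
        raise ValueError("trailing bytes in reply")
    return alg.decode("ascii"), raw

def agent_sign(key_blob, data, sock_path=None):
    """Ask the agent to sign data with the key identified by key_blob."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path or os.environ["SSH_AUTH_SOCK"])
        s.sendall(build_sign_request(key_blob, data))
        with s.makefile("rb") as f:
            head = f.read(4)
            n = struct.unpack(">I", head)[0] if len(head) == 4 else 0
            if not 0 < n <= MAX_REPLY:
                raise ValueError("bad agent reply length")
            return parse_sign_response(f.read(n))
```

The private key never leaves the agent; the caller only ever sees the signature, and a refusal surfaces as `PermissionError` rather than as an empty result.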