Use ssh key to acquire TGT?
Christopher D. Clausen
cclausen at uiuc.edu
Sat Jun 2 23:28:19 EDT 2007
John Hascall <john at iastate.edu> wrote:
>> One of these days I'm going to request (for HCOOP) crossrealm trusts
>> with the top 10 computer science universities in the USA [*] and
>> document (a) my success rate, (b) how many emails it took, and (c)
>> how many months from first request to working trust entry.
>> Hopefully a published case study like this will get people to stop
>> pretending that crossrealm is actually a legitimate general-purpose
>> solution.
>
> How many of the top-10 use Kerberos?
> And what exactly is the top-10 (which list?)
Lets say that there were Kerberos cross-realm trusts created between
these various organizations. Would that really help? The original
point was to gain access to the AFS filesystem. Just logging onto the
machine is possible now using SSH keys. Do other sites use AFS
"foreign" users through cross-realm trusts? I supect that users will
dislike the idea of having to change AFS ACLs on a whole bunch of files
to add the other "foreign" users.
(Quickly getting off-topic for the Kerberos list...)
<<CDC
More information about the Kerberos
mailing list