Use ssh key to acquire TGT?
John Hascall
john at iastate.edu
Sun Jun 3 19:11:01 EDT 2007
> Lets say that there were Kerberos cross-realm trusts created between
> these various organizations. Would that really help? The original
> point was to gain access to the AFS filesystem. Just logging onto the
> machine is possible now using SSH keys. Do other sites use AFS
> "foreign" users through cross-realm trusts? I supect that users will
> dislike the idea of having to change AFS ACLs on a whole bunch of files
> to add the other "foreign" users.
Really? It's not used a terrible lot here,
but when it is used I think our users rather
like being able to add bob at some.place.else
And being a moira-using site, our lists are
all integrated so, doing:
chlist my-research-group -a bob at some.place.else
and being able to use 'my-research-group' for
mail and afs, web and login access controls, etc.
makes it even nicer.
John
More information about the Kerberos
mailing list