ssh publickey auth w/ kerb

Tom Yu tlyu at MIT.EDU
Mon Jun 2 14:55:07 EDT 2008


"Whitehead, Brian" <bwhitehead at ti.com> writes:

> I'm thinking of the server being ssh'd to ask a kerberos client, because
> it is authenticating the user against the AD server using kerberos.  

Are you considering the ssh server to be a Kerberos client?  While
that may be a valid interpretation, please be aware that in the
context of a Kerberos-authenticated ssh connection, the usual
terminology refers to the ssh server as the application server, and to
the ssh client as be both the application client and the Kerberos
client.  To better distinguish between the Kerberos server and the
application server, we usually call the Kerberos server itself the KDC
(Key Distribution Center).



More information about the Kerberos mailing list