using a ssh key for krb5 mount
mark
mark at mproehl.net
Tue May 18 15:34:25 EDT 2010
On 05/17/2010 05:34 PM, Greg Hudson wrote:
>
> There is actually a mechanism to allow that kind of authentication
> protocol transfer, if the server is trusted. It originated with
> Microsoft and is alternately called S4U2Proxy or Constrained Delegation.
> However, using it in sshd would require additional code, and getting the
> SSH people to accept additional Kerberos code is basically impossible.
>
Hi,
wouldn't it be possible to implement s4u in a pam module? There
shouldn't be any need for additional code in OpenSSH
Regards,
Mark Pröhl
More information about the Kerberos
mailing list