using a ssh key for krb5 mount

[mark]

On 05/17/2010 05:34 PM, Greg Hudson wrote:
>
> There is actually a mechanism to allow that kind of authentication
> protocol transfer, if the server is trusted.  It originated with
> Microsoft and is alternately called S4U2Proxy or Constrained Delegation.
> However, using it in sshd would require additional code, and getting the
> SSH people to accept additional Kerberos code is basically impossible.
>   
Hi,

wouldn't it be possible to implement s4u in a pam module? There
shouldn't be any need for additional code in OpenSSH

Regards,

Mark Pröhl