using a ssh key for krb5 mount

mark mark at mproehl.net
Tue May 18 15:34:25 EDT 2010


On 05/17/2010 05:34 PM, Greg Hudson wrote:
>
> There is actually a mechanism to allow that kind of authentication
> protocol transfer, if the server is trusted.  It originated with
> Microsoft and is alternately called S4U2Proxy or Constrained Delegation.
> However, using it in sshd would require additional code, and getting the
> SSH people to accept additional Kerberos code is basically impossible.
>   
Hi,

wouldn't it be possible to implement s4u in a pam module? There
shouldn't be any need for additional code in OpenSSH

Regards,

Mark Pröhl




More information about the Kerberos mailing list