ANNOUNCE: Hurdo-0.2.0 - SSH mediated Kerberos Authenticated PAM support.

g.w@hurderos.org
Mon Jan 9 04:42:00 EST 2012


Good morning, hope the day is starting out well for everyone.

I'd like to announce the availability of a major upgrade to the Hurdo
package.  The update is available at the following URL:

ftp://ftp.hurderos.org/pub/Hurdo/Hurdo-0.2.0.tar.gz

Hurdo implements a patch for OpenSSH to support interactive Kerberos
credential export to a remote host.  The package now includes a PAM
module which allows applications to use the exported credential as an
authentication token.  

The PAM module includes support for instance= and lifetime= arguments
which allow the module to be customized for applications other than
sudo.  PAM support also removes the need for the sudo specific patches
which have been dropped.

In combination these patches allow sudo to be used 'safely' in a
Kerberos environment.  Standard Kerberos support for sudo either
natively or through the use of PAM requires a Kerberos password to be
entered into a remote host which carries with it a system wide
security threat if the remote host is compromised.

This update features the following changes:

0.1.1 -> 0.2.0
	* Implement AP-REQ authentication via pam_krb5apreq module.

	* Drop sudo specific patches.

	* Documentation updates.

As always,
Greg Wettstein
------------------------------------------------------------------------------
			 The Hurderos Project
         Open Identity, Service and Authorization Management

"Don't worry about people stealing your ideas.  If your ideas are any
 good, you'll have to ram them down people's throats."
                                -- Howard Aiken

