ANNOUNCE: Hurdo-0.2.0 - SSH mediated Kerberos Authenticated PAM support.
Frank Cusack
frank at linetwo.net
Mon Jan 9 12:42:55 EST 2012
Thanks for your continued work on this.
On Mon, Jan 9, 2012 at 1:42 AM, <g.w at hurderos.org> wrote:
> Good morning, hope the day is starting out well for everyone.
>
> I'd like to announce the availability of a major upgrade to the Hurdo
> package. The update is available at the following URL:
>
> ftp://ftp.hurderos.org/pub/Hurdo/Hurdo-0.2.0.tar.gz
>
> Hurdo implements a patch for OpenSSH to support interactive Kerberos
> credential export to a remote host. The package now includes a PAM
> module which allows applications to use the exported credential as an
> authentication token.
>
> The PAM module includes support for instance= and lifetime= arguments
> which allow the module to be customized for applications other than
> sudo. PAM support also removes the need for the sudo specific patches
> which have been dropped.
>
> In combination these patches allow sudo to be used 'safely' in a
> Kerberos environment. Standard Kerberos support for sudo either
> natively or through the use of PAM requires a Kerberos password to be
> entered into a remote host which carries with it a system wide
> security threat if the remote host is compromised.
>
> This update features the following changes:
>
> 0.1.1 -> 0.2.0
> * Implement AP-REQ authentication via pam_krb5apreq module.
>
> * Drop sudo specific patches.
>
> * Documentation updates.
>
> As always,
> Greg Wettstein
>
> ------------------------------------------------------------------------------
> The Hurderos Project
> Open Identity, Service and Authorization Management
>
> "Don't worry about people stealing your ideas. If your ideas are any
> good, you'll have to ram them down people's throats."
> -- Howard Aiken
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>