ANNOUNCE: Hurdo-0.2.0 - SSH mediated Kerberos Authenticated PAM support.

Frank Cusack frank at
Mon Jan 9 12:42:55 EST 2012

Thanks for you continued work on this.

On Mon, Jan 9, 2012 at 1:42 AM, <g.w at> wrote:

> Good morning, hope the day is starting out well for everyone.
> I'd like to announce the availability of a major upgrade to the Hurdo
> package.  The update is available at the following URL:
> Hurdo implements a patch for OpenSSH to support interactive Kerberos
> credential export to a remote host.  The package now includes a PAM
> module which allows applications to use the exported credential as an
> authentication token.
> The PAM module includes support for instance= and lifetime= arguements
> which allow the module to be customized for applications other than
> sudo.  PAM support also removes the need for the sudo specific patches
> which have been dropped.
> In combination these patches allow sudo to be used 'safely' in a
> Kerberos environment.  Standard Kerberos support for sudo either
> natively or through the use of PAM requires a Kerberos password to be
> entered into a remote host which carries with it a system wide
> security threat if the remote host is compromised.
> This update features the following changes:
> 0.1.1 -> 0.2.0
>        * Implement AP-REQ authentication via pam_krb5apreq module.
>        * Drop sudo specific patches.
>        * Documentation updates.
> As always,
> Greg Wettstein
> ------------------------------------------------------------------------------
>                         The Hurderos Project
>         Open Identity, Service and Authorization Management
> "Don't worry about people stealing your ideas.  If your ideas are any
>  good, you'll have to ram them down people's throats."
>                                -- Howard Aiken
> _______________________________________________
> krbdev mailing list             krbdev at

More information about the Kerberos mailing list