Future of kerberised telnet, login, rsh, ftp?
Russ Allbery
rra at stanford.edu
Thu Jul 7 18:10:36 EDT 2005
John Rudd <jrudd at ucsc.edu> writes:
> AFAIK, I wouldn't be able to take a kerberos ticket on my local machine,
> use it to authenticate to sshd on a remote host, forward the ticket to
> the remote host, and have the remote host immediately take that
> forwarded ticket and get me an AFS token. I'm not aware of any way to
> do that only using ssh (at least not with a pre-canned one -- installing
> patches that won't apply against any and every version of OpenSSH is not
> an acceptable solution).
OpenSSH can do this via GSSAPI with the included GSSAPI support, I think
(I think that ticket forwarding was included in the patches that OpenSSH
took). You need a PAM module that acquires AFS tokens from a K5 ticket,
you need to configure sshd to use PAM, and you need to configure ssh to
forward tickets.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
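
The three pieces the reply lists (sshd using GSSAPI and PAM, the client forwarding tickets, a PAM module that turns the K5 ticket into AFS tokens), as an added shell check that is not part of the original post or of OpenSSH. The module name `pam_afs_EXAMPLE.so` and the sample files are constructed placeholders, since the post names no module; the OpenSSH keywords are the real `GSSAPIAuthentication`, `GSSAPIDelegateCredentials` and `UsePAM`.

```shell
#!/bin/sh
# Added example: audit the three pieces named in the reply (sshd uses GSSAPI and
# PAM, the client delegates tickets, PAM runs an AFS token module).

# first_value FILE KEYWORD: print the first uncommented value of KEYWORD, lowercased.
# OpenSSH keywords are case-insensitive and the first value obtained wins.
# Simplification: Host/Match scoping is ignored; on a live system compare with
# the effective values from `sshd -T` and `ssh -G <host>`.
first_value() {
    awk -v kw="$2" '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        tolower($1) == tolower(kw) { print tolower($2); exit }
    ' "$1"
}

# need FILE KEYWORD LABEL: report and count a setting that is not "yes".
need() {
    [ "$(first_value "$1" "$2")" = yes ] && return 0
    echo "$3: $2 is not set to yes"; missing=$((missing + 1))
}

# check_forwarding SSHD_CONFIG SSH_CONFIG PAM_FILE PAM_MODULE
# Returns the number of missing pieces (0 = all present).
check_forwarding() {
    missing=0
    need "$1" GSSAPIAuthentication sshd
    need "$1" UsePAM sshd
    need "$2" GSSAPIAuthentication ssh
    need "$2" GSSAPIDelegateCredentials ssh
    grep -Eq "^[[:space:]]*session[[:space:]].*$4" "$3" ||
        { echo "pam: no session line for $4"; missing=$((missing + 1)); }
    return "$missing"
}

# make_samples DIR: write constructed sample files (not from the original post).
make_samples() {
    printf 'GSSAPIAuthentication yes\nUsePAM yes\n' > "$1/sshd_config"
    printf 'Host *\n  GSSAPIAuthentication yes\n  GSSAPIDelegateCredentials yes\n' > "$1/ssh_config"
    printf 'Host *\n  GSSAPIAuthentication yes\n  #GSSAPIDelegateCredentials yes\n' > "$1/ssh_config.nofwd"
    printf 'session required pam_afs_EXAMPLE.so\n' > "$1/pam_sshd"
}

d=$(mktemp -d) && make_samples "$d"
check_forwarding "$d/sshd_config" "$d/ssh_config" "$d/pam_sshd" pam_afs_EXAMPLE.so &&
    echo "complete: all pieces present"
check_forwarding "$d/sshd_config" "$d/ssh_config.nofwd" "$d/pam_sshd" pam_afs_EXAMPLE.so ||
    echo "nofwd: $? piece(s) missing"
```

The `ssh_config.nofwd` sample authenticates with GSSAPI but leaves delegation commented out, which is the case where login succeeds and the remote host still has no ticket from which to obtain an AFS token.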