SSH mediated Kerberos authenticated sudo.
frank+krb at linetwo.net
Wed May 11 16:00:08 EDT 2011
On Wed, Dec 22, 2010 at 10:31 AM, <g.w at hurderos.org> wrote:
In my followup idea on having the server initiate the request for the fresh
credential, any thoughts on how to present a secure UI to the user so that
he knows this is ACTUALLY a local password request and not something being
mocked up by a compromised server?
With the client-initiated escape sequence, I think it's less of a concern
since as long as the client software is not tampered with the user has a
guarantee that they are actually entering their password locally. And if
the client software IS tampered with, then all bets are off anyway.
More information about the krbdev