JSCH provides user authentication mechanism gssapi-with-mic. We should be able to use this interface to implement Kerberos based authentication. In the JCraft library in airvata, we have modified default GSSAPI implementation to incorporate MyProxy (X.509) authentication. We may need to do some code level changes to get both working at the same code. I am not sure out of the box JSCH supports Kerberos. Also I am not sure what sort of changes we need to do to get Kerberos working with JSCH. It could be only adding Kerbeors configuration files and JAAS configuration files, or it could be some code changes we need to do in GSSAPI level. We may need to further investigate this.
In summary it should be possible to implement Kerberos authentication with JSCH but not sure how much work. We need to investigate some time and figure that out. Thanks Amila On Wed, Feb 5, 2014 at 10:20 AM, Raminder Singh <[email protected]>wrote: > JSCH does not do this out of the box. Amila has to extend the Jcraft > library to provide the support. As of my experience, /tools/gsissh should > work with Kerberos authentication. I am not sure about addition to x509 > certificate. X509 certificates are only used with myproxy server. > > Thanks > Raminder > > On Feb 5, 2014, at 9:57 AM, Marlon Pierce <[email protected]> wrote: > > > Will Airavata's gsissh tool (/tools/gsissh) work with Kerberos tickets > > in addition to short term x.509 grid credentials? Or would JSCH do this > > out of the box? > > > > > > Thanks-- > > > > > > Marlon > > > >
