Steve Lammert <[EMAIL PROTECTED]> writes:
> ... but has anyone done any work with AFS and/or Kerberos and/or SSH to
> make it use keys for authentication? I.e. store one's public key in the
> Kerberos database instead of an encrypted password, and authenticate by
> sending a string encrypted with the private key stored on one's local
> disk?
There's something called public-key support in Kerberos, see the
internet draft draft-ietf-cat-kerberos-pk-init-11.txt. As for
implementations, neither the Transarc KA-server, the MIT krb5 KDC, or
the Heimdal krb5 KDC supports it, but there might be patches for the
MIT-one.
> Or alternatively, has anyone modified SSH to use a local Kerberos
> token to authenticate at the remote machine, as for authenticating
> rsh/rcp?
Yes, ssh can use krb4/krb5 for authentication.
krb5-support is built-in in Finish ssh-1.2.27.
v4 support available from http://naughty.monkey.org/~dugsong/ssh-afs/
k5/DCE-support also from ftp://achilles.ctd.anl.gov/pub/kerberos.v5/
OpenSSH should already come with v4/v5 support.
Hope this helps,
/assar
