I've had this little hack sitting around (and in use) for a while so
I thought I would post it to the net to get some feedback and see if
other people find it useful.
kftgt/kftgtd will forward your Kerberos ticket granting ticket from
one host to another, over an encrypted channel. You do NOT have to enter
your password as it extracts your current TGT from your ticket cache and
forwards that to the remote host. This only works if you are using the
AFS Kerberos server since it ignores IP address in TGTs.
The normal use would be something like:

    kftgt slapshot        # forward your tgt
    rlogin slapshot -x    # do an encrypted rlogin

Then the login program (or your .login script) can run aklog to get you
an AFS token once you login.
In order for all this to work you need the following:
1. You have to be running the AFS Kerberos server because it ignores
IP address in TGTs. It won't work under MIT's V4 unless you've hacked
your V4 server.
2. You have to have kftgtd started from inetd on the host you are
forwarding your ticket to.
3. The host you are forwarding your ticket to must be registered in the
Kerberos database using the standard rcmd.hostname principal, and
have a srvtab file (of course).
4. You need Kerberos libraries to build kftgt/kftgtd.
Getting kftgt/kftgtd:
ftp://jessica.stanford.edu:/pub/kftgt-1.0.tar.Z
file:/afs/ir.stanford.edu/users/s/schemers/Public/kftgt-1.0.tar.Z
There is a README file and man pages (!) in the tar file.
Roland
--
Roland J. Schemers III | Networking Systems
Authentication Services Programmer | 414 Sweet Hall +1 (415) 723-6740
Distributed Computing Operations | Stanford, CA 94305-3090
Stanford University | [EMAIL PROTECTED]