Help, I'm thoroughly confused. What is the best recommended direction for single
authentication being proposed by the IETF, or is there? I can see Kerb feeding public key
applications a TGT or vice versa from PKI apps with PKINIT. It looks clear to me the PKI infrastructure
has been set by the IETF, but I'm getting tired looking for a common approach and sorting through
RFCs. Is Kerb/PKI a pipe dream, should the infrastructure center around the TGT or an RSA key,
or do I have to run both? I'm not sure where KINK fits in, but this is what I'd like:
Single OS signon regardless of OS, Kerberos, etc must coexist & send or receive
authentication (RSA?).
This same sign-on would provide RSA authentication to SSH, SSL/TLS,
S/MIME, PKIX and IPSEC.
I don't want to run two or parallel authentication schemes.
Cybersafe has their product, but is this the right approach? The OpenGroup has
their PKI, but what about host authentication at login?
I have searched literally for days to understand how should one authenticate
symmetrically or asymmetrically, etc. Is there a best practice approach here? I prefer
an opensource solution, and the closest I can come is with Heimdal and the typical
opensource tools for shell, transport, email, etc. Any contact, explanation or doc would
be great, TIA..
cs
