Date: Thu, 19 Jun 2003 20:21:18 -0700 From: Frank Cusack <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: Forwarding Kerberos Credentials - SSH > Secondly I think the term "forwarding" doesn't apply to the scenariosI'm reading about here. If you log in to sshd with your Kerberos password, the remote credentials acquired in the process are actually local in this sense - they reside on the host that acquired them, as
Right. That's not what the poster wants. That's not kerberos authentication, that's password authentication.
sshd did that. When used to authenticate to some service from there, that's just simple basic Kerberos authentication, no forwarding needed.
The original poster wants to login LOCALLY with krb5, ssh to a remote machine with KERBEROS authentication; the forwarding is needed so that on the remote machine he can subsequently obtain tickets for xyz service (say, afs).
/fc
"Me Too" (TM)
So, is that possible?
Ideally, is it possible in an application that only talks generic SSL, so that it could in turn call a module that made use of the tgt? (The thread is sshd, but I'm thinking maybe Apache/{PHP,Perl}/{Postgres,AFS}.)
--
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[EMAIL PROTECTED], or [EMAIL PROTECTED]
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
