Problem:
I have a need for users to use their individual accounts to maintain websites 
owned by another account and I'm exploring different options to handle this.  
For example, a website owned by 'wsowner' needs to be accessed by users 
'user1', 'user2', 'user3' and more over non-kerberized SSH and SFTP clients.


Possible solution 1:
I have tried using a .k5login file in wsowner's home directory and allowing 
access to '[EMAIL PROTECTED]', '[EMAIL PROTECTED]' and '[EMAIL PROTECTED]'.  
'user1' can log in over an ssh connection with an ssh.com ssh server and, from 
what I can tell, sshd acquires a kerberos ticket on behalf of the user.  
'user1' can then, over an ssh.com ssh session, ksu to 'wsowner'.  I also presume 
that a user logged in as '[EMAIL PROTECTED]' could connect via a kerberized ssh 
or sftp client and access the 'wsowner' account directly.

However, I would like some way for a non-kerberized ssh/sftp client to log in 
directly as 'wsowner' using the credentials of, for example, 
'[EMAIL PROTECTED]'.  Is this at all possible?


Possible solution 2:
Create users 'wsowner'-'user1' in the /etc/passwd file with the same UID of 
'wsowner'.  Map the user to the password for 'user1' somehow via kerberos 
(using auth_to_local, auth_to_local_names ?)


Has anyone had any experience in solving a similar problem?  Any suggestions?

Thanks,
-Ryan


________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
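
The authorization rule behind the .k5login approach in "Possible solution 1", as an added example that is not part of the original post: a simplified Python model of the check MIT Kerberos applies by default when a principal asks to act as a local account. The realm EXAMPLE.COM, the file contents and the function names are constructed for illustration.

```python
from typing import Optional, Set

DEFAULT_REALM = "EXAMPLE.COM"  # constructed placeholder realm

# Constructed ~wsowner/.k5login content: one principal per line.
WSOWNER_K5LOGIN = "user1@EXAMPLE.COM\nuser2@EXAMPLE.COM\nuser3@EXAMPLE.COM\n"


def parse_k5login(text: str) -> Set[str]:
    """Return the principals listed in a .k5login file, ignoring blank lines."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def default_localname(principal: str) -> Optional[str]:
    """Simplified default mapping: a single-component principal in the
    default realm maps to the local account of the same name."""
    name, _, realm = principal.rpartition("@")
    if realm != DEFAULT_REALM or not name or "/" in name:
        return None
    return name


def may_access(principal: str, account: str, k5login: Optional[str]) -> bool:
    """Decide whether `principal` may act as local `account`.

    `k5login` is the content of the account's .k5login, or None if the file
    does not exist. With the default settings modelled here, an existing
    file is authoritative: only principals listed in it are accepted.
    """
    if k5login is None:
        return default_localname(principal) == account
    return principal in parse_k5login(k5login)


if __name__ == "__main__":
    for who in ("user1@EXAMPLE.COM", "wsowner@EXAMPLE.COM", "user1@OTHER.REALM"):
        print(who, "->", may_access(who, "wsowner", WSOWNER_K5LOGIN))
```

Once the file exists, the account's own principal is accepted only if it is listed too, which is easy to miss when delegating a shared account this way.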
