Hi, I'd like to leverage our Kerberos (and Wallet) infrastructure to enable non-interactive SSH/SCP between two servers for a given user. Is this possible? Using MIT Kerberos 1.10 on Ubuntu 12.04 everywhere, currently still with Wallet from prior to 1.0 (but after 0.12).
The scenario is this: We have a Jenkins build server (build01) and an APT repo server (apt01, using Freight [1]). Jenkins does what it does and in the end creates DEB packages. Those DEB packages should land on the APT repo server and the APT repo should be updated with the new packages.

This works as expected using SSH public key authentication. On the shell it looks like this:

    jenkins@build01:~$ scp *.deb jenkins@apt01:/path/to/packages
    jenkins@build01:~$ ssh jenkins@apt01 "/usr/local/bin/update-apt-repo"

After that the APT repo server has the new packages, signed and ready for installation.

I have implemented a Wallet infrastructure according to Jan-Piet Mens's excellent article [2] and distributed Keytabs for all servers (using Puppet). I can interactively and without passwords log into any of those servers after doing a "kinit" as my user.

So what can I do to avoid SSH public key authentication and instead use Kerberos and possibly Wallet to implement the described scenario?

Thanks,
Andreas

[1] https://github.com/rcrowley/freight
[2] http://jpmens.net/2012/06/25/streamlining-distribution-of-kerberos-keytabs-and-other-secure-data/

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
