On 1 Mar 2008, at 03:12, Russ Allbery wrote:
Matthew Andrews [EMAIL PROTECTED] writes:
Hmmm The cascading credentials code sounds interesting, but
raises
the practical question of how does one deal with derived credentials.
Just re-run the session PAM stack with PAM_REFRESH_CREDS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hmmm The cascading credentials code sounds interesting, but raises
the practical question of how does one deal with derived credentials.
For example some sites configure the pam_session code to use delegated
krb5 credentials to acquire additional
Matthew Andrews [EMAIL PROTECTED] writes:
Hmmm The cascading credentials code sounds interesting, but raises
the practical question of how does one deal with derived credentials.
For example some sites configure the pam_session code to use delegated
krb5 credentials to acquire additional
of these in to PuTTY?
Simon Wilkinson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I'm pleased to (finally) announce the availability of my GSSAPI
Key Exchange patch for OpenSSH 4.7p1. Whilst OpenSSH contains
support for doing GSSAPI user authentication, this only allows
Simon Wilkinson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I'm pleased to (finally) announce the availability of my GSSAPI Key
Exchange patch for OpenSSH 4.7p1. Whilst OpenSSH contains support for
doing GSSAPI user authentication, this only allows the underlying
On Fri, Sep 28, 2007 at 04:26:14PM -0500, Douglas E. Engert wrote:
Sounds interesting. And yes, I would be interested in
the cascading credentials delegation code. Does the
delegation code depend on the key exchange code?
Protocol-wise, yes, it does.
There's two ways to use the GSS-API in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I'm pleased to (finally) announce the availability of my GSSAPI Key
Exchange patch for OpenSSH 4.7p1. Whilst OpenSSH contains support for
doing GSSAPI user authentication, this only allows the underlying
security mechanism to authenticate