On Fri, Dec 06, 2019 at 11:15:46AM -0000, Jasper Siepkes wrote: > Hi, > > Thanks for the reply and sorry I missed the other question (my Google-foo is > apparently a bit weak today ;-). > > > To cut it short, this is not possible because many login programs need to > > information about the user before the password or other credentials > are available. > > Would you folks be open to a patch which adds a flag to use the users own > Kerberos credentials for environments where hosts are less trusted (ie. > desktop deployments)? The documentation could add a warning that this won't > work for all deployment scenario's. > > I understand this might be a problem for applications like ssh however those > kind of applications are not part of a normal office desktop deployment I > think. Those type of applications are usually part of server deployment > scenarios where the host itself is also more trusted then some desktop > sitting in an office.
Hi, sshd was just an example, afaik all login programs currently look up the user before requesting credentials. bye, Sumit > > Kind regards, > > Jasper > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
