On Fri, 2019-12-06 at 12:25 +0100, Sumit Bose wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Fri, Dec 06, 2019 at 11:15:46AM -0000, Jasper Siepkes wrote: > > Hi, > > > > Thanks for the reply and sorry I missed the other question (my Google-foo > > is apparently a bit weak today ;-). > > > > > To cut it short, this is not possible because many login programs need to > > > information about the user before the password or other credentials > > are available. > > > > Would you folks be open to a patch which adds a flag to use the users own > > Kerberos credentials for environments where hosts are less trusted (ie. > > desktop deployments)? The documentation could add a warning that this won't > > work for all deployment scenario's. > > > > I understand this might be a problem for applications like ssh however > > those kind of applications are not part of a normal office desktop > > deployment I think. Those type of applications are usually part of server > > deployment scenarios where the host itself is also more trusted then some > > desktop sitting in an office. > > Hi, > > sshd was just an example, afaik all login programs currently look up the > user before requesting credentials.
I don't think so. I have had problems with just sshd only when trying do clever things just because ssh looks up the user before trying to login. Jocke _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
