[27857] in Kerberos
Re: Use ssh key to acquire TGT?
daemon@ATHENA.MIT.EDU (Christopher D. Clausen)
Fri Jun 1 14:39:42 2007
Message-ID: <90DA7B8734284CB0A8342352D378468C@CDCHOME>
From: "Christopher D. Clausen" <cclausen@acm.org>
To: <kerberos@mit.edu>
Date: Fri, 1 Jun 2007 13:03:56 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Adam Megacz <megacz@hcoop.net> wrote:
> John Hascall <john@iastate.edu> writes:
>> How many of the top-10 use Kerberos?
>> And what exactly is the top-10 (which list?)(
>> For the sale of argument lets say they are:
>
> Well, based on AFS usage (which requires Kerberos right now), all of
> the schools on your list except UT Austin must have a KDC running.
UIUC has AFS? Is there some other UIUC that I don't know about?
(There is a UIUC.EDU realm, but its certainly not used for AFS in any
official UIUC supported capacity. Its mostly for web-based
authentication using bluestem:
https://www-s.uiuc.edu/bluestem/notes/overview.html )
>> Plus, would you need to get all 10?
>
> How many of the ten I get would be the most useful statistic.
I'll note that as a unit within the UIUC campus I have been unable to
get a trust either inbound or outbound from the UIUC.EDU realm.
>> But, your point is well taken. Perhaps
>> what would be more useful is if somebody
>> like educase served as a central crossrealm
>> hub (everyone exchanges keys with them and
>> gets a current capaths file).
>
> Based on my experience with university administrations, this is even
> less politically feasible. :)
You might want to look at this:
http://www.incommonfederation.org/
It appears to be mostly for web-based SSO, but it might be possible to
use x.509 or Kerberos in some way as well.
<<CDC
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
