[27875] in Kerberos
Re: Use ssh key to acquire TGT?
daemon@ATHENA.MIT.EDU (Christopher D. Clausen)
Sun Jun 3 17:25:33 2007
Message-ID: <78274D6B24FA4962AE68DF7777F2D82F@CDCHOME>
From: "Christopher D. Clausen" <cclausen@uiuc.edu>
To: <kerberos@mit.edu>
Date: Sat, 2 Jun 2007 22:28:19 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
John Hascall <john@iastate.edu> wrote:
>> One of these days I'm going to request (for HCOOP) crossrealm trusts
>> with the top 10 computer science universities in the USA [*] and
>> document (a) my success rate, (b) how many emails it took, and (c)
>> how many months from first request to working trust entry.
>> Hopefully a published case study like this will get people to stop
>> pretending that crossrealm is actually a legitimate general-purpose
>> solution.
>
> How many of the top-10 use Kerberos?
> And what exactly is the top-10 (which list?)
Lets say that there were Kerberos cross-realm trusts created between
these various organizations. Would that really help? The original
point was to gain access to the AFS filesystem. Just logging onto the
machine is possible now using SSH keys. Do other sites use AFS
"foreign" users through cross-realm trusts? I supect that users will
dislike the idea of having to change AFS ACLs on a whole bunch of files
to add the other "foreign" users.
(Quickly getting off-topic for the Kerberos list...)
<<CDC
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
