[27876] in Kerberos
Re: Use ssh key to acquire TGT?
daemon@ATHENA.MIT.EDU (John Hascall)
Sun Jun 3 19:11:27 2007
To: "Christopher D. Clausen" <cclausen@uiuc.edu>
In-reply-to: Your message of Sat, 02 Jun 2007 22:28:19 -0500.
<78274D6B24FA4962AE68DF7777F2D82F@CDCHOME>
Date: Sun, 03 Jun 2007 18:11:01 CDT
Message-ID: <5082.1180912261@malison.ait.iastate.edu>
From: John Hascall <john@iastate.edu>
Cc: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
> Lets say that there were Kerberos cross-realm trusts created between
> these various organizations. Would that really help? The original
> point was to gain access to the AFS filesystem. Just logging onto the
> machine is possible now using SSH keys. Do other sites use AFS
> "foreign" users through cross-realm trusts? I supect that users will
> dislike the idea of having to change AFS ACLs on a whole bunch of files
> to add the other "foreign" users.
Really? It's not used a terrible lot here,
but when it is used I think our users rather
like being able to add bob@some.place.else
And being a moira-using site, our lists are
all integrated so, doing:
chlist my-research-group -a bob@some.place.else
and being able to use 'my-research-group' for
mail and afs, web and login access controls, etc.
makes it even nicer.
John
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
