[31146] in Kerberos
Re: Sudo w/Ticket Support
daemon@ATHENA.MIT.EDU (John Washington)
Tue May 19 16:39:57 2009
Date: Tue, 19 May 2009 13:18:43 -0500
From: John Washington <jawashin@illinois.edu>
To: kerberos@mit.edu
Message-ID: <20090519181843.GH12900@kyoto.cites.uiuc.edu>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <200905121504.n4CF4Bt9002178@wind.enjellic.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
* greg@enjellic.com <greg@enjellic.com> [2009-05-12 10:18]:
> The user uses the ~S command to initiate the sequence. The user is
> prompted for a password which is used to obtain a TGT which is then
> used to obtain a service ticket which is sent over the channel for
> authentication. By enforcing a very short ticket lifetime parameter
> user immediacy can be enforced.
I find myself impressed with this as a potential solution. I wish you
luck in implementing it, as it is a clean solution to a potentially
clouded issue.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
