f



Using ssh-keys for kerberos authentication

Hi!

I'm wondering wether it is (at least theoretically) feasible to use a 
ssh-key to get kerberos tokens!? This is fairly important to me, since 
filesystems such as coda, afs of nfsv4 depend on kerberos-authentication 
to access the filespace.

Patches for ssh exist that pass the token before trying to acces 
..ssh/authorized_keys , but what if one doesn't even have tokens?

Thanks in advance,
Michael
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
0
michael.tautschnig (12)
10/13/2004 9:36:15 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

2 Replies
696 Views

Similar Articles

[PageSpeed] 28
See related articles to this posting 


>>>>> "Michael" == Michael Tautschnig <michael.tautschnig@zt-consulting.com> writes:

    Michael> Hi!  I'm wondering wether it is (at least theoretically)
    Michael> feasible to use a ssh-key to get kerberos tokens!? This
    Michael> is fairly important to me, since filesystems such as
    Michael> coda, afs of nfsv4 depend on kerberos-authentication to
    Michael> access the filespace.

It is theoretically possible.  You would need to modify the Kerberos
KDC to support this.

Why not just use Kerberos authentication at the ssh layer though.

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
0
hartmans (370)
10/13/2004 9:48:03 PM 
>
>    Michael> Hi!  I'm wondering wether it is (at least theoretically)
>    Michael> feasible to use a ssh-key to get kerberos tokens!? This
>    Michael> is fairly important to me, since filesystems such as
>    Michael> coda, afs of nfsv4 depend on kerberos-authentication to
>    Michael> access the filespace.
>
> It is theoretically possible.  You would need to modify the Kerberos
> KDC to support this.
Is there anyone out there planning to do this? If not, could someone give 
me some hints where to start?


>
> Why not just use Kerberos authentication at the ssh layer though.
People like ssh-keys and they are considered rather secure, passwords are 
not (they are more vulnerable to brute-force-attacks).

Thanks in advance,
Michael
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
0
michael.tautschnig (12)
10/14/2004 7:20:59 AM
Reply: