Re: Kerberos + SSH question
- From: none@xxxxxxxxxxx (Nod)
- Date: Fri, 23 Jun 2006 15:46:08 GMT
On Thu, 22 Jun 2006 21:22:53 +0200, Sebastian Hanigk <hanigk@xxxxxxxxx> wrote:
none@xxxxxxxxxxx (Nod) writes:
Hello,
To elaborate just a bit: Kerberos allows the server to believe that it is
talking to a particular Kerberos principal, which is a point in a
namespace entirely separate from the account space of the host itself. The
decision of what, if any, local resources to allow this principal access
to is a separate matter. With SSH, you are asking for access to a
resource (account) that doesn't exist. It doesn't matter who you're
authenticated as; there's nothing to give you.
Well, this makes a lot more sense now. Would you happen to know where
I could find a good guide for integrating LDAP with ssh? I've been
over a bunch of them, and just keep getting more confused by LDAP the
more I read.
You don't have to use LDAP for the accounts service; you can
authenticate via Kerberos and then use the /etc/passwd
Regards,
Sebastian
Indeed, but I'm trying to avoid deploying updated passwd files to 100+ servers.
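
The separation discussed in this thread, as an added example that is not part of any poster's message: a simplified Python model of a login decision in which the account lookup and the Kerberos principal check are two independent steps. The realm `EXAMPLE.ORG`, the account table and all function names are constructed for illustration; real deployments apply `auth_to_local` rules and `~/.k5login` rather than this one-line mapping.

```python
import pwd

LOCAL_REALM = "EXAMPLE.ORG"  # constructed realm name (assumption)


def principal_to_local_name(principal, local_realm=LOCAL_REALM):
    """Simplified mapping: user@LOCAL_REALM -> user; anything else -> None."""
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or realm != local_realm or "/" in name:
        return None  # foreign realm, service principal, or malformed
    return name


def lookup_account(name, getpwnam=pwd.getpwnam):
    """Account lookup. pwd.getpwnam goes through NSS, so the entry may come
    from /etc/passwd or from a directory such as LDAP; Kerberos is not involved."""
    try:
        return getpwnam(name)
    except KeyError:
        return None


def login_decision(principal, requested_account, getpwnam=pwd.getpwnam):
    """Return (allowed, reason) for an already-authenticated principal."""
    # Step 1: the requested account must exist, whoever is asking.
    if lookup_account(requested_account, getpwnam) is None:
        return (False, "no such account on this host")
    # Step 2: only now does the authenticated identity matter.
    if principal_to_local_name(principal) != requested_account:
        return (False, "principal not authorized for this account")
    return (True, "ok")


# Constructed account database standing in for NSS on one host.
CONSTRUCTED_ACCOUNTS = {
    "alice": ("alice", "x", 1001, 1001, "", "/home/alice", "/bin/sh"),
}


def fake_getpwnam(name):
    return CONSTRUCTED_ACCOUNTS[name]  # raises KeyError like pwd.getpwnam


if __name__ == "__main__":
    for princ, acct in [("alice@EXAMPLE.ORG", "alice"),
                        ("nod@EXAMPLE.ORG", "nod"),
                        ("alice@OTHER.ORG", "alice")]:
        print(princ, acct, login_decision(princ, acct, fake_getpwnam))
```
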