X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
Date: Thu, 09 Oct 2008 17:07:06 +0100
Subject: ssh accepting AD kerberos tickets
Envelope-To: cygwin AT cygwin DOT com
Message-ID: <48EE2C2A.4090004@liddicott.com>
From: "Sam Liddicott" <sam AT liddicott DOT com>
User-Agent: Thunderbird 2.0.0.17 (X11/20080925)
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

I've read about cygwin, ssh and network access till my neck hurts.

It seems to me that if someone :-) integrates ssh kerberos
authentication such that sshd accepts an AD kerberos ticket, that
_maybe_ this could be associated with the login and give the client
session the right credentials to use the network.

Is this true?

How big is the hole? Maybe the change-security-token-thingummy just
needs to hand over some credentials if it has any (making the hole
small)? Does anyone know?

Sam

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/