X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Message-ID: <48EE4085.8030704@cygwin.com>
Date: Thu, 09 Oct 2008 13:33:57 -0400
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080723 Fedora/2.0.0.16-1.fc8 Lightning/0.9 Thunderbird/2.0.0.16 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: ssh accepting AD kerberos tickets
References: <48EE2C2A DOT 4090004 AT liddicott DOT com>
In-Reply-To: <48EE2C2A.4090004@liddicott.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Sam Liddicott wrote:
> I've read about cygwin, ssh and network access till my neck hurts.
> 
> It seems to me that if someone :-) integrates ssh kerberos
> authentication such that sshd accepts an AD kerberos ticket, that
> _maybe_ this could be associated with the login and give the client
> session the right credentials to use the network.
> 
> Is this true?
> 
> How big is the hole? Maybe the change-security-token-thingummy just
> needs to hand over some credentials if it has any (making the hole
> small)? Does anyone know?

Are you asking if integrating kerberos is possible and how it might
be done or are you suggesting that this is a way to solve some
problem (like maybe pubkey authentication issues?)  If it's the
latter and is specifically aimed at pubkey, Corinna's LSA authentication
is available in the upcoming 1.7 release.  See the original announcement
from her about this here:

<http://cygwin.com/ml/cygwin-developers/2006-11/msg00000.html>


-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/