AFS and tokenforwarding
Dug Song
dugsong at monkey.org
Fri Oct 5 05:34:34 EST 2001
On Thu, Oct 04, 2001 at 09:23:53PM +0200, Bjoern Groenvall wrote:
> The token is passed in a "usable form", i.e both ticket and the
> corresponding session key is passed.
yep, this is why people liked it, so they could use RSA auth with AFS
home directories. but i never liked this. i suppose we could make this
configurable, but this is somewhat scary...
> The user should not forward a TGT before the server has been
> authenticated. With ssh v1 this is however not possible, regardless if
> this is done before or after user authentication the server is still
> not properly authenticated.
?
SSH-1 krb4 support requires the server to return the incremented
challenge successfully encrypted with the session key.
-d.
---
http://www.monkey.org/~dugsong/
More information about the openssh-unix-dev
mailing list