AFS and tokenforwarding

Dug Song dugsong at
Fri Oct 5 05:34:34 EST 2001

On Thu, Oct 04, 2001 at 09:23:53PM +0200, Bjoern Groenvall wrote:

> The token is passed in a "usable form", i.e both ticket and the
> corresponding session key is passed.

yep, this is why people liked it, so they could use RSA auth with AFS
home directories. but i never liked this. i suppose we could make this
configurable, but this is somewhat scary...

> The user should not forward a TGT before the server has been
> authenticated. With ssh v1 this is however not possible, regardless if
> this is done before or after user authentication the server is still
> not properly authenticated.


SSH-1 krb4 support requires the server to return the incremented
challenge successfully encrypted with the session key.



More information about the openssh-unix-dev mailing list