OpenSSH 4.3p2, MIT KfW 3.0 and Cygwin
Dan Peterson
petesea at bigfoot.com
Tue Apr 18 05:00:57 EST 2006
On Wed, 12 Apr 2006, Carson Gaspar wrote:
> --On Wednesday, April 12, 2006 2:26 PM -0700 Dan Peterson
> <petesea at bigfoot.com> wrote:
>
>> The GOAL is a GSSAPI enabled ssh client (preferably with gssapi-keyex
>> support) that uses the nice GUI front-end provided by KfW. Those
>> windows users get too confused if you tell them they have to go to the
>> command prompt and run "kinit" every morning.
>
> FYI if you use the native SSPI, your tickets are refreshed every time
> you unlock your screen. Of course SSPI presumes you either use your AD
> servers as your KDCs for all systems, or that you have a trust
> relationship between the realms.
I'm (mostly) aware of SSPI, but as I understand it, it means the
authentication for the entire workstation needs to change. I only want to
use ssh with gssapi on a per application basis (CVS/Subversion). Simply
put, I don't have enough control over the developers (thousands) to
require they change the authentication defaults for their workstation.
Nor do I have ANY control over the KDCs or AD servers.
More information about the openssh-unix-dev
mailing list