Kerberos and authorizied_keys
Dan Peterson
petesea at bigfoot.com
Wed Feb 22 11:21:45 EST 2006
How reasonable, acceptable and difficult would it be to "enhance" openssh
so authorizations using kerberos (specifically kerberos tickets) consulted
the authorized_keys file? And to be a bit more precise... consulted
authorized_keys so it could utilize any "options" (eg. from=, command=,
environment=, etc) that may be present?
I'm willing to make custom changes, but would prefer if this was standard
behavior, so I thought I'd check to see how likely a change like this
would have of getting put in the standard source.
My plan (and I haven't really looked at the source) would be to add a new
"key type"... say "ssh-krb" where the "key" would be the kerberos
principal.
Would having this new key-type break anything for openssh clients that
don't recognize it? Or is the code smart enough just to ignore unknown
key-types?
The main purpose for this so we can use ssh as a tunnel for CVS and
Subversion clients. We need to use kerberos for authentication and we
need to restrict the commands the user can execute. The authorized_keys
"command=" facility seems to be the perfect solution except it doesn't
work with kerberos.
I'm certainly willing to consider alternate solutions... especially if
they don't involve a custom change to openssh. But at the present time
the best alternative I've come up with is forcing all the users to have a
custom login shell and that's not really going to work.
More information about the openssh-unix-dev
mailing list