On 05/17/2010 05:34 PM, Greg Hudson wrote: > > There is actually a mechanism to allow that kind of authentication > protocol transfer, if the server is trusted. It originated with > Microsoft and is alternately called S4U2Proxy or Constrained Delegation. > However, using it in sshd would require additional code, and getting the > SSH people to accept additional Kerberos code is basically impossible. > Hi,
wouldn't it be possible to implement s4u in a pam module? There shouldn't be any need for additional code in OpenSSH Regards, Mark Pröhl ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
