Hi everyone,

I have been thinking for a while about a *proxy* functionality for remctl that could allow, in a scenario like:

[client ([email protected])] --> [remctl server 1 / command *the_command*]

to delegate credentials from client to remctl server (credentials could be stored in a ccache like SSH does when GSSAPI delegation occurs). The command *the_command* executed on remctl server [remctl server 1] could then execute other remctl chained commands with user credentials.

This could allow one to call other remctl commands within a remctl server command.

Each delegated credential should also be isolated from the others (just like SSH does). Of course this should be optional and specified as an option for each command defined on the server.

For now, I already have a very simple but working version of remctl, with modified client and server, to accomplish this.

Now comes the time for me to ask you what you think about this idea.
Do you think that this is a *MUST HAVE* functionality for remctl, or are we the only ones interested in this at CC-IN2P3? :-)

Cheers

Rémi


________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
