Re: GSSAPI Key Exchange Patch for OpenSSH 4.7p1 (OpenSSH Development forums, Networking and Network Related category)
On 1 Mar 2008, at 03:12, Russ Allbery wrote:

> Matthew Andrews <matt@slackers.net> writes:
>
>> Hmmm.... The cascading credentials code sounds interesting, but raises
>> the practical question of how does one deal with derived credentials.
>
> Just re-run the session PAM stack with PAM_REFRESH_CREDS set, the same as
> what a screensaver would do. This does all the right things with derived
> credentials if your PAM modules are properly written.

This is exactly what my cascading credentials code for OpenSSH does. It uses an additional PAM stack (so you can set different options than the 'main' ssh PAM stack) which it calls the session layer of whenever credentials are renewed. We use this to renew both AFS tokens, and KX509 certificates.

Informatics are now running this code in production. I expect to be making a public release next week.

Cheers,

Simon.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev