Quoth [EMAIL PROTECTED] (Sam Hartman):
| >>>>> "Donn" == Donn Cave <[EMAIL PROTECTED]> writes:
|
| Donn> What you describe is kind of a perversion of single signon.
| Donn> The real thing happens on the local computer, not some
| Donn> remote computer.
|
| UH, no, this is single signon. Single signon means that I get all the
| credentials to access services at the site from one signon. This
| includes things like getting to IMAP mail, filesystems and local
| applications. It also includes getting to services like shells
| exported by some machines. IT happens that these shell services
| often need proxy authentication to be useful.
I might have misunderstood him. What I was getting was, you log in
to a remote host, and acquire a TGT in the process that gives you
access to remote services from there. For example, connect via ssh,
sshd takes your password and acquires an initial ticket granting ticket
while validating it against the KDC, and then it and any subsequent
service tickets are available to that session.
The way I count it, that would be single login only if all day long,
that one ssh session accounted for everything you did at the site.
If you ssh to another host in another window, you're going to have
to do another login, because your own computer has no credentials.
Donn Cave, [EMAIL PROTECTED]
