Good morning, hope the day is starting out well for everyone. I'd like to announce the availability of a major upgrade to the Hurdo package. The update is available at the following URL:
ftp://ftp.hurderos.org/pub/Hurdo/Hurdo-0.2.0.tar.gz Hurdo implements a patch for OpenSSH to support interactive Kerberos credential export to a remote host. The package now includes a PAM module which allows applications to use the exported credential as an authentication token. The PAM module includes support for instance= and lifetime= arguements which allow the module to be customized for applications other than sudo. PAM support also removes the need for the sudo specific patches which have been dropped. In combination these patches allow sudo to be used 'safely' in a Kerberos environment. Standard Kerberos support for sudo either natively or through the use of PAM requires a Kerberos password to be entered into a remote host which carries with it a system wide security threat if the remote host is compromised. This update features the following changes: 0.1.1 -> 0.2.0 * Implement AP-REQ authentication via pam_krb5apreq module. * Drop sudo specific patches. * Documentation updates. As always, Greg Wettstein ------------------------------------------------------------------------------ The Hurderos Project Open Identity, Service and Authorization Management "Don't worry about people stealing your ideas. If your ideas are any good, you'll have to ram them down people's throats." -- Howard Aiken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos