Thanks for you continued work on this. On Mon, Jan 9, 2012 at 1:42 AM, <g...@hurderos.org> wrote:
> Good morning, hope the day is starting out well for everyone. > > I'd like to announce the availability of a major upgrade to the Hurdo > package. The update is available at the following URL: > > ftp://ftp.hurderos.org/pub/Hurdo/Hurdo-0.2.0.tar.gz > > Hurdo implements a patch for OpenSSH to support interactive Kerberos > credential export to a remote host. The package now includes a PAM > module which allows applications to use the exported credential as an > authentication token. > > The PAM module includes support for instance= and lifetime= arguements > which allow the module to be customized for applications other than > sudo. PAM support also removes the need for the sudo specific patches > which have been dropped. > > In combination these patches allow sudo to be used 'safely' in a > Kerberos environment. Standard Kerberos support for sudo either > natively or through the use of PAM requires a Kerberos password to be > entered into a remote host which carries with it a system wide > security threat if the remote host is compromised. > > This update features the following changes: > > 0.1.1 -> 0.2.0 > * Implement AP-REQ authentication via pam_krb5apreq module. > > * Drop sudo specific patches. > > * Documentation updates. > > As always, > Greg Wettstein > > ------------------------------------------------------------------------------ > The Hurderos Project > Open Identity, Service and Authorization Management > > "Don't worry about people stealing your ideas. If your ideas are any > good, you'll have to ram them down people's throats." > -- Howard Aiken > _______________________________________________ > krbdev mailing list krb...@mit.edu > https://mailman.mit.edu/mailman/listinfo/krbdev > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos