Russ Allbery wrote: > Douglas E Engert <[EMAIL PROTECTED]> writes: > The client is, understandably, not going to forward the ticket until after > the authentication step is complete, so what this basically means is > authenticating the user, accepting the forwarded ticket, and then > reauthenticating the user. I guess it would be possible to do this, but > ew. I'm guessing ew would be the OpenSSH upstream reaction too.
Processing of the .k5login file is not an authentication operation, it is an authorization operation. Therefore, it is perfectly reasonable for the client to mutually authenticate with a server, forward a ticket and then have access rejected due to an authorization failure. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
