On 9 Feb 2010, at 15:24, Ken Raeburn wrote:
> The idea has been kicked around before, and I believe one variant
> (registering a new host principal over a kadmin session protected by
> anonymous PKINIT) has been tried out in MIT's current development code.
What we do here is require the input
On Feb 9, 2010, at 05:17, Guillaume Rousse wrote:
> However, this is still a bit painful, as it can't be included in
> automatic installation scenarios, for instance. And requires us to track
> information for each user, which doesn't prove to be very useful. I was
> wondering of the security im
Hello list.
In order to allow our users to set up their own machines for kerberized
NFS, we deployed a custom CGI application allowing them, once
autenticated, to create nfs/hostname principals, and extract
corresponding keytab file. As part of the process, they register
themselves as owner of