Re: Credentials Caching - Security Guy Not Happy

From: Peter Valdemar Mørch <swp5jhu02_at_sneakemail.com>
Date: 2004-08-26 12:30:48 CEST

Max Bowsher maxb-at-ukf.net |Lists| wrote:
> I haven't done it myself, but I'd be surprised if there wasn't a way
> to gat PAM (and therefore ssh, and therefore svn+ssh) authenticating
> against the AD.

Patrick Smears patrick.smears-at-ensoft.co.uk |Lists| wrote:
> I was just about to suggest this... I don't have much experience with
> AD, but it's certainly fairly easy to have SSH authenticate against
> an NT domain... look up the "pam_smb.auth.so" PAM module.

ssh without ssh-add, yes. But that would require password prompting on
every operation just like for http://

But not ssh-agent. ssh-agent asks for the password embedded in
the (local) private key file, not the one stored in /etc/password or in
PAM or whereever on the remote machine. If the key file has a password,
no amount of Active Directory will open it without the password, and if
the key file doesn't have a password, it would be possible to use it
without any Active Directory checking.

Or so I think, anyway! :-D

Peter

-- 
Peter Valdemar Mørch
http://www.morch.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Thu Aug 26 12:31:25 2004

This message: [ Message body ]
Next message: Jacob Atzen: "Re: Why doesn't "users" have a "Reply-To" header back to the list?"
Previous message: Anthony Metcalf: "svn+ssh in windows."
In reply to: Max Bowsher: "Re: Credentials Caching - Security Guy Not Happy"
Next in thread: Max Bowsher: "Re: Credentials Caching - Security Guy Not Happy"
Reply: Max Bowsher: "Re: Credentials Caching - Security Guy Not Happy"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]