Ron Young
2001-May-27 03:37 UTC
requesting advice on integrating openssh & solaris secure RPC
Hi: I am new to the list and new to developing secure applications. I have been reading the archives to see if anyone has integrated openssh with solaris 8 secure RPC. It doesn't look like there is any support to do this openssh. I have started on a preliminary patch to openssh-2.5.2p2 to automatically authenticate secure rpc using the same password used by sshd to authenticate the user. Here is some brief background on our environment: a collection of solaris fileservers and workstations. home directories are mounted to workstations via secure RPC/NFS. so users have to have their secure rpc authentication setup as part of the session creation done by sshd. all external sessions must connect using openssh and a password (i.e. no authorized_keys allowed for first connection). once connected to one of our systems, the user should not have to re-enter their password. whatever method is used should be transparent to user (i.e. should not interfere with anything they may use: ssh-agents, port forwarding, etc...) I have the initial connection (with password) successfully working with secure RPC/NFS. My next step is to somehow get it so this carries over when the user connects to another workstation using authorized_keys to avoid having to re-enter their password. I have a couple of ideas that I would like some feedback on... 1) generate a restricted command key that somehow contains the information required to authenticate to secure NFS on the new workstation. 2) encrypt to the initial password used to access the system and pass it along as an environment variable that the new workstation's sshd would use. 3) use the ssh-agent mechanism to store the secure rpc password so that the ssh client can send it along to the new workstation's sshd. any thoughts on whether the above are not recommended and/or how they should be implemented would be greatly appreciated. thanks -ron young ==============================================================================Ron Young, Sr. Software Design Engineer & System Admin. (702) 895-1070 (voice) Information Science Research Institute (702) 895-1183 (fax) University of Nevada, Las Vegas (UNLV/ISRI) ron at isri.unlv.edu Box 454021, Las Vegas, NV 89154
Apparently Analagous Threads
- Samba using a MySQL passdb for machine records
- New Vegas Script Extender: Works if I only click on it?
- Re: Anyone able to install Sony Vegas HD Platinum in a linux os?
- Problem with Sony Vegas Pro 9.0 and Wine
- Work hard, Play harder at 2011 Nightclub & Bar Convention in
Wisdom of the Ancients
