Displaying 5 results from an estimated 5 matches for "mailto628496".
Did you mean:
mailto428496
2018 Dec 19
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
...the agent would be nice too.
Anyway, I wanted to toss this out there. Such functionality would
certainly help us a lot but I know that there would need to be
sufficient interest in order for such a thing to get into the mainstream.
Jim
>
> On Wed, Dec 19, 2018 at 1:31 AM mailto428496 <mailto628496 at cox.net> wrote:
>> Alon,
>>
>> I should have provided more background. You are assuming that I could
>> perform the PKINIT prior to connecting to the SSH server. In this case
>> (and others) there is an interest in not exposing the kerberos servers
>> to...
2018 Dec 18
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
...gy, the PK is used at
> authentication phase only and if smartcards are being used this phase
> is performed on local machine, once TGT is available, the remaining of
> the interaction is kerberos only.
>
> Regards,
> Alon
>
> On Wed, Dec 19, 2018 at 1:10 AM mailto428496 <mailto628496 at cox.net> wrote:
>> I know OpenSSH currently supports PKCS11 devices (such as smartcards)
>> for publickey authentication, but I would love to see PKCS11 extended
>> further. It is currently possible to perform PKCS11 certificate
>> authentication, via pam_krb5.so (on...
2018 Dec 18
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
I know OpenSSH currently supports PKCS11 devices (such as smartcards)
for publickey authentication, but I would love to see PKCS11 extended
further. It is currently possible to perform PKCS11 certificate
authentication, via pam_krb5.so (on Linux at least and likely something
similar on other *NIX) which allows smartcard auth to a Kerberos
(including AD) server, where a TGT can also be granted.
2020 Jun 03
2
Auth via Multiple Publickeys, Using Multiple Sources, One Key per Source
Peter,
On 2020-06-03 12:14, Peter Stuge wrote:
> mailto428496 wrote:
>> We would like to associate two different types of public keys
>> with each user's account.? One would be a "client machine" public key
>> (of which there could be several, if the user is allowed to login from
>> multiple systems) and the other would be a public key from a user token,
2020 Jun 03
7
Auth via Multiple Publickeys, Using Multiple Sources, One Key per Source
I don't see a way to do this currently (unless I am missing something)
but I would like to be able to specify, that in order for a user to
login, they need to use at least 1 public key from 2 separate key
sources.? Specifically this would be when using "AuthenticationMethods
publickey,publickey".? Right now requiring 2 public keys for
authentication will allow 2 public keys from