On Fri, 2019-12-06 at 12:25 +0100, Sumit Bose wrote:
CAUTION: This email originated from outside of the organization. Do
not click links or open attachments unless you recognize the sender and know the content
On Fri, Dec 06, 2019 at 11:15:46AM -0000, Jasper Siepkes wrote:
> Thanks for the reply and sorry I missed the other question (my Google-foo is
apparently a bit weak today ;-).
> > To cut it short, this is not possible because many login programs need to
information about the user before the password or other credentials
> are available.
> Would you folks be open to a patch which adds a flag to use the users own Kerberos
credentials for environments where hosts are less trusted (ie. desktop deployments)? The
documentation could add a warning that this won't work for all deployment
> I understand this might be a problem for applications like ssh however those kind of
applications are not part of a normal office desktop deployment I think. Those type of
applications are usually part of server deployment scenarios where the host itself is also
more trusted then some desktop sitting in an office.
sshd was just an example, afaik all login programs currently look up the
user before requesting credentials.
I don't think so. I have had problems with just sshd only when trying do clever things
ssh looks up the user before trying to login.