Use case:
User authenticated at his desktop and has a TGT. He then SSHes to system A using GSSAPI. From system A he needs to hop to system B and then C and so on. Currently such behavior requires full delegation. It can also be accomplished with constrained delegation.
If all systems are enrolled with IPA and the IPA constrained delegation policy is configured to allow hosts ABC to delegate to each other, the user should be able to hop around.
A bonus would be to be able to mount secure NFS with Kerberos from each host the user hops into.
Scope of work
This might be a candidate for a thesis work.
Metadata Update from @dpal: - Issue assigned to simo - Issue set to the milestone: X - DEFERRED
Project has moved; please reopen here if still an issue: https://github.com/gssapi/gssproxy/issues
Metadata Update from @simo: - Issue close_status updated to: Deferred - Issue priority set to: None (was: 3) - Issue status updated to: Closed (was: Open)