On Fri, Dec 06, 2019 at 11:15:46AM -0000, Jasper Siepkes wrote:
Hi,
Thanks for the reply and sorry I missed the other question (my Google-foo is apparently a bit weak today ;-).
To cut it short, this is not possible because many login programs need to information about the user before the password or other credentials
are available.
Would you folks be open to a patch which adds a flag to use the users own Kerberos credentials for environments where hosts are less trusted (ie. desktop deployments)? The documentation could add a warning that this won't work for all deployment scenario's.
I understand this might be a problem for applications like ssh however those kind of applications are not part of a normal office desktop deployment I think. Those type of applications are usually part of server deployment scenarios where the host itself is also more trusted then some desktop sitting in an office.
Hi,
sshd was just an example, afaik all login programs currently look up the user before requesting credentials.
bye, Sumit
Kind regards,
Jasper _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...