W3C home > Mailing lists > Public > www-archive@w3.org > February 2007

pubkinit: delegating kerberos login to a public key

From: Dan Connolly <connolly@w3.org>
Date: Fri, 09 Feb 2007 01:22:47 -0600
To: breadcrumbs <www-archive+breadcrumbs@w3.org>
Message-Id: <1171005767.7497.606.camel@dirk>
CSAIL's storage is pretty much all AFS, which requires
shared-key login. I always forget the key, and I much
prefer public-key for scalability etc.

With pubkinit, I can use my gpg key to encrypt the
AFS/kerberos passord and store it; then when I want
to login, I use the gpg key to decrypt the shared
key. This works nicely with the gnome gpg-agent
UI.

See the authorization category in breadcrumbs
http://dig.csail.mit.edu/breadcrumbs/taxonomy/term/4

esp
A step forward with python and sshagent, and a walk around gnome
security tools
Submitted by connolly on Wed, 2006-03-29
http://dig.csail.mit.edu/breadcrumbs/node/123

$ hg log --limit 10 --template '#rev#:#node|short# #date|shortdate#
#desc|firstline|strip#\n'
2:f75ea9ff44bb 2007-01-05 cite kinit source
1:7a247b24273f 2007-01-05 login using dbus/pgp works
0:220d687c5d8b 2006-10-30 credstore.py 1.1 from
http://dev.w3.org/cvsweb/2001/palmagent/


-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E



Received on Friday, 9 February 2007 07:23:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 7 November 2012 14:18:02 GMT