Hi,
after a short break, I would like to continue my work on moonshot C-O
delegation and SSO.
I played a little with moonshot Live DVD.
In /etc/freeradius/sites-enabled/default there is Post-Authentication
section with update reply { ....} part. I can see, the string inside {}
is transferred to gss-server.
Is there some nice and easy way, how to deliver my data (e.g. like those
in update reply) to the client, just by editing some freeradius config
file? If not, any other way?
Thx,
Marcel Poul
On 02/05/2013 03:13 PM, Marcel Poul wrote:
>
>
> On 12/06/2012 12:06 AM, Carlo Hamalainen wrote:
>> On Wed, Dec 5, 2012 at 8:22 PM, Marcel Poul <[log in to unmask]
>> <mailto:[log in to unmask]>> wrote:
>>
>> I think we can get by with an email until January.
>>
>> I would like to share my thoughts with you any comments are welcome.
>> One of the use cases I work with is as follows:
>>
>> user -> service 1 -> service 2
>> |
>> |
>> |
>> AAA server
>>
>> User wants to access service 1 e.g. by ssh with moonshot. At the
>> same time, he wants to use s2 via s1 (by credentials delegation) e.g
>> mounting NFS volume at s@ to s1. The assumption is that s1 and s2
>> (maybe AAA server too) are belong to different organization, so the
>> Luke Howard's solution for the credentials delegation won't work.
>>
>>
>>
>> This is a use case that we also have, so I'll be interested to see what
>> Moonshot's capabilities are in this situation.
>>
>> Cheers,
>>
>> --
>> Carlo Hamalainen
>> http://carlo-hamalainen.net
>
> Hi all,
>
> I put one of my thoughts on paper (attached). It uses KDC and kerberos
> tickets to bring delegation to moonshot. Any comments and ideas are
> welcome.
>
> Another approach would be saml delegation as was discussed in this
> mailing list too, but I am not very familiar with the mechanism.
>
> I am sure there are other possible ways to bring cross organizational
> delegation to mooonshot which I don't know about. So please share any
> ideas.
>
> Thx,
>
> Marcel Poul
|