Mastodawn

Demo 2: login with SSH key, use Kerberos ticket for access of FreeIPA management interface. Lifetime was set to 2 minutes to help my slow and errorneous typing.

https://youtu.be/Bx7_ZJskofo

ipa openssh s4u demo 2

YouTube

Show thread

Alexander Bokovoy Mar 10

COPR repo for Fedora 43-45: dnf copr enable dbelyavs/openssh-gss-s4u

Demo 1: login with SSH key, use Kerberos ticket for sudo authentication. Lifetime set to 1 minute to help with the demo.

https://youtu.be/hlxFCs_RIRE

ipa openssh s4u demo

YouTube

Alexander Bokovoy Mar 10

Got some progress with protocol transition in #OpenSSH: if you login with any authentication mechanism that does not lead to creation of #Kerberos tickets, now you can configure your server to generate one on the user's behalf. This uses Services For User (S4U) extensions available in Active Directory and #FreeIPA implementations. There are few issues we still trying to address (and bugs found during this development) but it looks promising.

Couple demos in the next toots:

Show thread

Alexander Bokovoy Feb 27

@dazo @SpookyDoom @bkuhn @akareilly @fosdem I am still recovering after FOSDEM, full month of cough and misery. But the time on the grounds was awesome.

Alexander Bokovoy Feb 1

Identity and Access Management devroom #iam at #FOSDEM started with the full room already. We are also tracking air quality in the room and try to ventilate regularly. Thanks to https://fosdem26-air.autkin.net/ project for that!