Authentication Methods for Single Sign-on: Kerberos and GSI
Authentication methods used to achieve single sign-on will be described along with examples of their use with SSH and AFS. These methods include Kerberos which is in wide use on Windows 2000 and Unix systems, and the Grid Security Infrastructure (GSI) from the Globus Project. In these methods the user's long term secret is never transmitted over the network. Instead credentials are delegated from system to system. This allows for multi-tiered or Grid computing environments where the delegated credentials are used to authenticate on a user's behalf to other systems. For example a token can be automatically obtained by the SSH daemon to access files in the AFS distributed file system.