[BOLT-980] Support Kerberos over SSH (round 2) Created: 2018/11/19  Updated: 2019/08/26  Resolved: 2019/08/26

Status: Closed
Project: Puppet Task Runner
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Normal
Reporter: Michael Smith Assignee: Michael Smith
Resolution: Won't Do Votes: 3
Labels: closed-github-move, docs, ghm
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to BOLT-168 Kerberos support for ssh Closed
Template:
Method Found: Needs Assessment
Release Notes: Known Issue
Release Notes Summary: While we would like to support Kerberos over SSH for authentication, a license incompatibility with other components we are distributing means that we cannot recommend using the net-ssh-krb gem for this functionality.
QA Risk Assessment: Needs Assessment

 Description   

With BOLT-168 we introduced Kerberos support for SSH. However, a license incompatibility with other components we are distributing means that we cannot recommend using the net-ssh-krb gem for this functionality and had to remove it from our packages.

To support Kerberos, we should pursue getting the license changed on net-ssh-krb or implementing a new version that fits net-ssh's API.



 Comments   
Comment by Duncan X Simpson [ 2019/01/21 ]

Out of curiosity, what are the incompatible licenses?

Comment by Duncan X Simpson [ 2019/01/21 ]

After thinking about this a little bit more, I've realized that I can't use Bolt without this, as my environment uses Kerberos tokens for login to all servers, and having all users put private keys on all the servers isn't really an option.

Comment by Michael Smith [ 2019/01/22 ]

The license for net-ssh-krb is GPLv2. We would need a clean implementation to include support in Bolt.

Comment by Lucy Wyman [ 2019/08/26 ]

This issue was automatically closed when the Bolt team moved to using Github Issues for ticket management (August 2019). If you'd like to reopen the issue or discuss it further please open a github issue at http://github.com/puppetlabs/bolt/issues.

Generated at Thu Nov 14 01:09:53 PST 2019 using JIRA 7.7.1#77002-sha1:e75ca93d5574d9409c0630b81c894d9065296414.