manage access to services

[paul b]

Thank u very much for ur answer, I was a little bit confused because
this point is not well documented.
I have a second small question, perhaps u can help me with this to:

Once the client is authenticated, is the communication between the
client and the server encrypted(with the session key in the ticket) or
does all the trafic pass in clear text by default. I read some docs
and their content was contradictory, perhaps u can clear me this point
to?

Thanx
CB






Jeffrey Altman <jaltman2 at nyc.rr.com> wrote in message news:<QEnTd.13666$qn2.2870712 at twister.nyc.rr.com>...
> Access control is not enforced by the TGS.  The TGS provides service
> tickets which allow a client to authenticate itself to the application
> service.  It is the responsibility of the application service to consult
> an authorization database to determine what permissions (if any) the
> client may be granted.
> 
> Jeffrey Altman
> 
> 
> paul b wrote:
> 
> > Hello,
> > I have a question about managing the access to the different services
> > in Kerberos.
> > 
> > When I have my TGT and I ask the TGS to get access to a specific
> > service(for ex. kerberized FTP), how does the TGS know if I have the
> > right to access this server. Is there any database on the TGS that
> > contains the information which user has access to which service or
> > does the TGS the TGT in any case and the access rights are managed on
> > the server offering the service.
> > 
> > My second question is how can I specify which user has access to which
> > service? Are there commands on the TGS(eventually to add users to a
> > database managing the rights???) or do I have to specify the user
> > rights on the server offering the service
> > 
> > Thank u very much in advance
> > 
> > CB