how to "ban" clients?
Nico Williams
nico at cryptonector.com
Tue Aug 2 15:58:08 EDT 2011
On Aug 2, 2011 9:47 AM, <greg at enjellic.com> wrote:
>
> On Jul 27, 12:19pm, Nico Williams wrote:
> > On Tue, Jul 26, 2011 at 6:59 AM, <ghudson at mit.edu> wrote:
> > It'd be nice to have a standard revocation protocol for Kerberos...
>
> We have one, its called authorization.... :-)
Not if we insist on delivering auth z-data via kerberos tickets (see Simo's
PAD proposal.
Also, we don't re-authorize long-lived sessions constantly -- not at all
actually. So, yes IMO we need a low latency revocation protocol.
Nico
--
More information about the Kerberos
mailing list