use of authorization-data

Frank Balluffi frank.balluffi at
Thu Jun 6 09:56:47 EDT 2002

I see that it is possible to put application-defined data in the enc-authorization-data field of a request to a TGS and the authorization-data field of a ticket. Suppose I have a password-based application service that would be difficult to Kerberize, I have two questions:

1. In theory, is it possible to embed a user ID and password into a ticket and send it to a Kerberized proxy that logs the user into the password-based application service on behalf of the user?

2. In practice, are there any gotchas? For example, would one need to modify kinit? Does the MIT TGS support this?

BTW, I am familiar with Clifford Neuman's "Proxy-Based Authorization and Accounting for Distributed Systems". Thanks.



This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

More information about the Kerberos mailing list