Proxy KDC

Monica Lau mllau2002 at yahoo.com
Wed Oct 23 20:57:56 EDT 2002


Hi all,
First of all, thanks for your response.  However, I'm still not understanding what the non-trivial design issues are with supporting proxy KDC and why one would not want to use this feature were it implemented?  I would think that this feature would be popular, but I don't know Kerberos well enough to understand the problems with it. 
Thanks for your time and help.
Monica
 
 Sam Hartman <hartmans at mit.edu> wrote:>>>>> "Monica" == Monica Lau writes:

Monica> Hi all,

Monica> I was wondering if the MIT Kerberos server supports
Monica> proxy KDC. For example, I have two KDCs in my network,
Monica> KDC A and KDC B. If a user tries to authenticate to KDC
Monica> A, and KDC A can't find that user's entry in its database,
Monica> KDC A will automatically contact KDC B and send the
Monica> authentication reply back to the user.

This feature is not supported.
I think there are non-trivial design issues associated with doing this.
I suspect we would not be interested in the feature were it implemented.
_______________________________________________
krbdev mailing list krbdev at mit.edu
http://mailman.mit.edu/mailman/listinfo/krbdev


---------------------------------
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/kerberos/attachments/20021023/5350de9c/attachment.htm


More information about the Kerberos mailing list