Manageability of larger networks
Dr. Greg Wettstein
greg at wind.enjellic.com
Mon Apr 14 09:18:01 EDT 2003
On Apr 13, 2:15pm, Turbo Fredriksson wrote:
} Subject: Re: Manageability of larger networks
> It's been discussed before. Kerberos is an AUTHENTICATION
> system, not an AUTHORIZATION system. For authorization,
> use LDAP (my personal favorite).
>
> > What concept is usually used to manage separate
> > user groups in the Kerberos world?
>
> You don't. You have principals. (dot, end, no more, ende
> etc).
>
> For saying 'user/application x has access to y', use
> LDAP.
For those people interested in authorization vs. authentication I am
working out the details of a GPL release of the Hurderos architecture
which leverages both LDAP and Kerberos to provide, IMHO, a pretty
unique solution to the problem of fine-grained authorization.
After working on this for about 4 years I can underscore what Turbo is
saying: Kerberos is not the place to be dealing with authorization
issues. It's an excellent authentication and symmetric key management
system which should be leveraged for its strengths and not complicated
with other issues.
}-- End of excerpt from Turbo Fredriksson
As always,
Dr. G.W. Wettstein, Ph.D. Enjellic Systems Development, LLC.
4206 N. 19th Ave. Specializing in information infra-structure
Fargo, ND 58102 development.
PH: 701-281-4950 WWW: http://www.enjellic.com
FAX: 701-281-3949 EMAIL: greg at enjellic.com
------------------------------------------------------------------------------
"We are confronted with insurmountable opportunities."
-- Walt Kelly