Manageability of larger networks

Dr. Greg Wettstein greg at wind.enjellic.com
Mon Apr 14 09:18:01 EDT 2003


On Apr 13,  2:15pm, Turbo Fredriksson wrote:
} Subject: Re: Manageability of larger networks

> It's been discussed before. Kerberos is an AUTHENTICATION
> system, not an AUTHORIZATION system. For authorization,
> use LDAP (my personal favorite).
> 
> > What concept is usually used to manage separate
> > user groups in the Kerberos world?
> 
> You don't. You have principals. (dot, end, no more, ende
> etc).
> 
> For saying 'user/application x has access to y', use
> LDAP.

For those people interested in authorization vs. authentication I am
working out the details of a GPL release of the Hurderos architecture
which leverages both LDAP and Kerberos to provide, IMHO, a pretty
unique solution to the problem of fine-grained authorization.

After working on this for about 4 years I can underscore what Turbo is
saying: Kerberos is not the place to be dealing with authorization
issues.  It's an excellent authentication and symmetric key management
system which should be leveraged for its strengths and not complicated
with other issues.

}-- End of excerpt from Turbo Fredriksson

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-4950            WWW: http://www.enjellic.com
FAX: 701-281-3949           EMAIL: greg at enjellic.com
------------------------------------------------------------------------------
"We are confronted with insurmountable opportunities."
                                -- Walt Kelly

