Manageability of larger networks

Dr. Greg Wettstein greg at
Mon Apr 14 09:18:01 EDT 2003

On Apr 13,  2:15pm, Turbo Fredriksson wrote:
} Subject: Re: Manageability of larger networks

> It's been discussed before. Kerberos is an AUTHENTICATION
> system, not an AUTHORIZATION system. For authorization,
> use LDAP (my personal favorite).
> > What concept is usually used to manage separate
> > user groups in the Kerberos world?
> You don't. You have principals. (dot, end, no more, ende
> etc).
> For saying 'user/application x has access to y', use

For those people interested in authorization vs. authentication I am
working out the details of a GPL release of the Hurderos architecture
which leverages both LDAP and Kerberos to provide, IMHO, a pretty
unique solution to the problem of fine-grained authorization.

After working on this for about 4 years I can underscore what Turbo is
saying: Kerberos is not the place to be dealing with authorization
issues.  It's an excellent authentication and symmetric key management
system which should be leveraged for its strengths and not complicated
with other issues.

}-- End of excerpt from Turbo Fredriksson

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-4950            WWW:
FAX: 701-281-3949           EMAIL: greg at
"We are confronted with insurmountable opportunities."
                                -- Walt Kelly
