Milos Djukic
djuka_uk at yahoo.co.uk
Sun Apr 18 09:24:33 EDT 2004
How can Kerberos authenticate a user who isn't communicating through a Kerberized server? Will the request be automatically rejected as the user is trying to gain a service from an un-trusted server. If so, can the administrators of the Kerberos and the non-kerberos server set up trust, without instaling Kerberos on the latter?
---------------------------------
Yahoo! Messenger - Communicate instantly..."Ping" your friends today! Download Messenger NowwFrom news at ra.nrl.navy.mil Sun Apr 18 11:11:34 2004
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i3IFBYos015249
for <kerberos at PCH.mit.edu>; Sun, 18 Apr 2004 11:11:34 -0400 (EDT)
Received: from ra.nrl.navy.mil (ra.nrl.navy.mil [132.250.1.121])
i3IFBWxL002790
for <kerberos at MIT.EDU>; Sun, 18 Apr 2004 11:11:32 -0400 (EDT)
Received: (from news at localhost)
by ra.nrl.navy.mil (8.11.7p1+Sun/8.11.7) id i3IFB0627320
for kerberos at MIT.EDU; Sun, 18 Apr 2004 11:11:00 -0400 (EDT)
Message-ID: <40829AF3.40005 at nyc.rr.com>
From: Jeffrey Altman <jaltman2 at nyc.rr.com>
X-Newsgroups: comp.protocols.kerberos
References: <20040418132433.64078.qmail at web25103.mail.ukl.yahoo.com>
Date: Sun, 18 Apr 2004 15:03:54 GMT
Organization: Road Runner - NYC
To: kerberos at MIT.EDU
Subject: Re:
X-BeenThere: kerberos at mit.edu
X-Mailman-Version: 2.1
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Help: <mailto:kerberos-request at mit.edu?subject=help>
List-Post: <mailto:kerberos at mit.edu>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request at mit.edu?subject=subscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request at mit.edu?subject=unsubscribe>
X-List-Received-Date: Sun, 18 Apr 2004 15:11:35 -0000
Milos Djukic wrote:
> How can Kerberos authenticate a user who isn't communicating through a Kerberized server? Will the request be automatically rejected as the user is trying to gain a service from an un-trusted server. If so, can the administrators of the Kerberos and the non-kerberos server set up trust, without instaling Kerberos on the latter?
Kerberos provides for authentication not authorization.
You are asking questions related to the authorization of the message
exchange. This is up to the policy specified by whoever is running
whatever service it is that you are talking about.
More information about the Kerberos
mailing list