Douglas E. Engert deengert at anl.gov
Mon Apr 19 11:37:50 EDT 2004



Milos Djukic wrote:
> 
> How can Kerberos authenticate a user who isn't communicating through a Kerberized server? Will the request be automatically rejected as the user is trying to gain a service from an un-trusted server. If so, can the administrators of the Kerberos and the non-kerberos server set up trust, without instaling Kerberos on the latter?
> 

It is not clear what you are asking, and others have given you answers. I would interprete
you question to be: Can the client side of Kerberos be used on a mcahine that is not 
registered as a seerver? 

The kinit program can be run on any machine, even if the machine is not defined as a service
in any realm. A user can even install in thier own directory the client components without 
using root. As a minimum, the user would need the kinit, any libs, a client application, like rlogin, 
and a kr5.conf file. The user can then use LD_LIBRARY_PATH to piont at the libs, and 
KRB5_CONFIG to point at the krb5.conf.    

> 
> ---------------------------------
>   Yahoo! Messenger - Communicate instantly..."Ping" your friends today! Download Messenger Now
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444


More information about the Kerberos mailing list