User delegation in Kerberos V5

Jeffrey Altman jaltman2 at nyc.rr.com
Mon Dec 19 11:03:22 EST 2005


fantoosh at hotmail.com wrote:
> Well I am looking to share  files efficiently over the Internet.
> 
> I have a friend Alice who is not a user of my realm nor is a user of
> any other Kerberos realm. I want to share files with Alice *without
> system admin intervention*.
> 
> So lets say I am using AFS or NFSv4. Is it possible to do this? If yes,
> please tell me how.
> 
> Thanks in advance.

If Alice is not a member of any Kerberos realm, then you cannot
authenticate her.   Therefore it is not possible for you to provide
any access to her at all.

Assuming you are using AFS, you can give Alice your AFS token to access
AFS, but then Alice has all of the privileges that you have.  She will
not be restricted only to the directories you wish her to access but
can do anything you can do.   This is simply not smart.

Jeffrey Altman





More information about the Kerberos mailing list