manage access to services

[Jeffrey Altman]

Access control is not enforced by the TGS.  The TGS provides service
tickets which allow a client to authenticate itself to the application
service.  It is the responsibility of the application service to consult
an authorization database to determine what permissions (if any) the
client may be granted.

Jeffrey Altman


paul b wrote:

> Hello,
> I have a question about managing the access to the different services
> in Kerberos.
> 
> When I have my TGT and I ask the TGS to get access to a specific
> service(for ex. kerberized FTP), how does the TGS know if I have the
> right to access this server. Is there any database on the TGS that
> contains the information which user has access to which service or
> does the TGS the TGT in any case and the access rights are managed on
> the server offering the service.
> 
> My second question is how can I specify which user has access to which
> service? Are there commands on the TGS(eventually to add users to a
> database managing the rights???) or do I have to specify the user
> rights on the server offering the service
> 
> Thank u very much in advance
> 
> CB

-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu