EAP-Kerberos
Saber Zrelli
zrelli at jaist.ac.jp
Mon Jul 18 14:12:21 EDT 2005
Hi,
In the IAKERB draft, the following is said:
===========
6. The IAKERB proxy protocol :
...
The IAKERB proxy is responsible for locating an appropriate KDC using the realm
information in the KDC request message it received from the client.
...
============
I apologize for my misleading affirmation. The IAKERB proxy can
be used by the client to obtain a cross-realm ticket that can be used
in the visited realm.
I was referring to a KDC instead of an IAKERB proxy. My thoughts are
that these proxying functionalities should be moved to the KDC of
the visited realm. But this would be another topic that I wish to
start soon.
Best Regards,
Saber.
* On 21:55, Sun 17 Jul 05, Sam Hartman wrote:
> >>>>> "Saber" == Saber Zrelli <zrelli at jaist.ac.jp> writes:
>
> Saber> when some visiting user would like to connect to a foreign
> Saber> wireless network, In addition to the bootstrapping problem,
> Saber> the actual protocol defined by IAKERB does not allow the
> Saber> operator to authenticate the visiting user since he/she is
> Saber> not registered in the local DB. Hence there is need to
> Saber> extend the proxy properties to perform inter-realm
> Saber> operations (to communicate with the user's home realm ) for
> Saber> authenticating roaming users.
>
> For the record, I strongly disagree with the above.
>
> I don't have time to explain now, but will try to get to it reasonably soon.
--
Saber ZRELLI <zrelli at jaist.ac.jp>
Japan Advanced Institute of Science and Technology
Center of Information Science
Shinoda Laboratory
url : http://www.jaist.ac.jp/~zrelli
gpg-id : 0x7119EA78