Fw: SSO with telnet/rlogin/rsh
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Jan 15 15:23:10 EST 2008
>I think AFS uses the correct model. Credentials are really an attribute
>of the user and for the best security should be tracked by the kernel like
>any other security attribute of the user (UID, GID, supplemental groups,
>capabilities, etc.). But that gets into really nasty cross-platform
>issues, not to mention annoying kernel licensing issues.
AFS makes this easier by not having to actually do any Kerberos on the
client side, of course. I agree with you that it should be a kernel
attribute ... it's just that real life gets in the way.
--Ken
More information about the Kerberos
mailing list