URGENT - Kerberos : Authorization

Russ Allbery rra at stanford.edu
Fri Apr 23 19:59:34 EDT 2010


<jacky.forestier at orange-ftgroup.com> writes:

> A question on the kerberos implementation ( Kerb v5-1.6) that we tested
> and are using now in experimental studies: Does this kerberos version
> allow to distinguish between different users in terms of allowing to
> grant the TGS ticket for a certain service for certain users and
> refusing the TGS ticket grant for other users.

I don't believe there's a mechanism in either MIT Kerberos or Heimdal to
support this particular use case.  Kerberos generally assumes that
authorization decisions are handled in the application, not at the level
of issuing tickets.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list