Principal naming
Russ Allbery
rra at stanford.edu
Sat Jan 19 19:02:12 EST 2013
Nico Williams <nico at cryptonector.com> writes:
> On Fri, Jan 18, 2013 at 1:35 PM, Russ Allbery <rra at stanford.edu> wrote:

>> Er, it's still a good security practice to use a separate set of
>> credentials that you don't type into everything all the time to do your
>> daily work. Particularly given that we still live in a world where
>> there's a lot of SASL PLAIN over TLS.

> That might be true, but a) do you really think that people use
> different passwords for */admin principals than their regular user
> principals?

We certainly do, and this is actually quite easy to programmatically
enforce. But given the small number of people involved, it's not that
difficult to train them appropriately.

> and b) there's no reason that we couldn't have different credentials for
> this without having different identifiers.

It's by far the easiest way to do that, though.

>> So no, there is definitely a point.

> But I don't believe that distinct names is necessary for this.

One of the things I really like about Kerberos is the ability to have
multiple identities for a particular person with different security
profiles or different contexts. We use this a lot.

--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>