Updates (multi-realm) to Leash32...
John M. Lockard
jlockard at umich.edu
Fri Jan 10 15:22:00 EST 2003
By Multi-realm I mean "multiple realms"... If you've used Krb5 much
you know that you can authenticate to multiple realms easily using
the kinit command. I can do 'kinit jlockard at SI.UMICH.EDU' and then
'kinit jlockard at UMICH.EDU' to get tickets in both realms. I would
expect that if my application recognizes Krb5 that my application
would allow me to choose the realm in which I want it to do things.
This was never a problem with Kerb95 on Windows authenticating to
Kerberos 4 servers.
On Fri, Jan 10, 2003 at 03:04:20PM -0500, Jeffrey Altman wrote:
> What do you mean by "multi-realm"?
> Do you mean maintaining multiple credential caches simultaneously such
> that multiple TGTs and related service tickets can be retrieved?
> If so, how do you expect your Kerberos applications to be able to decide
> which credential cache instance should be used?
> - Jeff
> John M. Lockard wrote:
> >We've found Leash32 to be an invaluable tool here at the School
> >of Information at the University of Michigan. The one thing that
> >would just improve on that value would be if Leash32 did multi-realm
> >Here at the University of Michigan we have a number of AFS cells
> >and with that comes a number of Kerberos Realms, some running K4,
> >some running K5 and a mix of both. Many or our users at the School
> >of Information have accounts within the SI.UMICH.EDU realm as well as
> >the UMICH.EDU realm and would like to be able to access both at will.
> >Would you be able to tell me if you have any plans on adding
> >multi-realm authentication to this tool, and if so, what your timeline
> >might be?
> >krbdev mailing list krbdev at mit.edu
--jlockard - "I'm really proud of my cousin. After decades of being
illiterate, he's now Hooked On Phonics, except substitute
'Phonics' with 'Crystal Meth'." - John Gephart
More information about the krbdev