Updates (multi-realm) to Leash32...

John M. Lockard jlockard at umich.edu
Fri Jan 10 15:22:00 EST 2003 

Hi Jeff,

By Multi-realm I mean "multiple realms"...  If you've used Krb5 much
you know that you can authenticate to multiple realms easily using
the kinit command.  I can do 'kinit jlockard at SI.UMICH.EDU' and then
'kinit jlockard at UMICH.EDU' to get tickets in both realms.  I would
expect that if my application recognizes Krb5 that my application
would allow me to choose the realm in which I want it to do things.

This was never a problem with Kerb95 on Windows authenticating to
Kerberos 4 servers.

-John

On Fri, Jan 10, 2003 at 03:04:20PM -0500, Jeffrey Altman wrote:
> What do you mean by "multi-realm"?  
> 
> Do you mean maintaining multiple credential caches simultaneously such 
> that multiple TGTs and related service tickets can be retrieved?
> 
> If so, how do you expect your Kerberos applications to be able to decide 
> which credential cache instance should be used?
> 
> - Jeff
> 
> John M. Lockard wrote:
> 
> >Hi,
> >
> >We've found Leash32 to be an invaluable tool here at the School
> >of Information at the University of Michigan. The one thing that
> >would just improve on that value would be if Leash32 did multi-realm
> >authentication.
> >
> >Here at the University of Michigan we have a number of AFS cells
> >and with that comes a number of Kerberos Realms, some running K4,
> >some running K5 and a mix of both. Many or our users at the School
> >of Information have accounts within the SI.UMICH.EDU realm as well as
> >the UMICH.EDU realm and would like to be able to access both at will.
> >
> >Would you be able to tell me if you have any plans on adding
> >multi-realm authentication to this tool, and if so, what your timeline
> >might be?
> >
> >-John
> >
> >_______________________________________________
> >krbdev mailing list             krbdev at mit.edu
> >http://mailman.mit.edu/mailman/listinfo/krbdev
> >  
> >
> 

-- 
--jlockard - "I'm really proud of my cousin. After decades of being
              illiterate, he's now Hooked On Phonics, except substitute
              'Phonics' with 'Crystal Meth'." - John Gephart

More information about the krbdev mailing list