An alternative plan for principal mapping
Sam Hartman
hartmans at MIT.EDU
Wed Aug 2 22:35:40 EDT 2006
>>>>> "Will" == Will Fiveash <William.Fiveash at sun.com> writes:
Will> On Tue, Aug 01, 2006 at 10:46:33AM -0700, Henry B. Hotz
Will> wrote:
>>
>> On Aug 1, 2006, at 9:03 AM, krbdev-request at mit.edu wrote:
>> ...
>>
>> > This relates to something I brought up before on this list
>> > and that is support for login policy plugins (LPP). Note,
>> > this is distinct from password policy. The KDC would
>> > interact with a LPP in two ways:
>>
>> In effect this is an authorization policy, not an
>> authentication policy.
Will> Essentially that is correct.
It's important that we don't create a situation where services expect
the KDC to perform authorization checks and fail insecurely if that does not happen.
PAC-like behavior is fine because a service can tell if the PAC is not
present. However, something where a service expects a KDC only to
grant tickets to authorized users would be a really bad idea, because
it would mean the service is only secure with certain KDCs.
--Sam
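
The failure mode discussed in this message, as an added toy model that is not part of the original message and is not MIT krb5 code. All class and function names are hypothetical, and the "ticket" is a plain object standing in for a decrypted service ticket.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional, Set


@dataclass(frozen=True)
class Ticket:
    """Toy stand-in for a decrypted service ticket (not a real krb5 structure)."""
    client: str
    # PAC-like authorization data; None means the KDC attached none.
    authz_groups: Optional[FrozenSet[str]] = None


def policy_kdc(client: str, allowed: Set[str]) -> Optional[Ticket]:
    """KDC with a login-policy plugin: refuses tickets to unauthorized clients."""
    return Ticket(client) if client in allowed else None


def plain_kdc(client: str) -> Optional[Ticket]:
    """KDC without the plugin: issues a ticket to any authenticated client."""
    return Ticket(client)


def pac_kdc(client: str, groups: Dict[str, Iterable[str]]) -> Optional[Ticket]:
    """KDC that attaches PAC-like group data instead of refusing tickets."""
    return Ticket(client, frozenset(groups.get(client, ())))


def implicit_service(ticket: Optional[Ticket]) -> bool:
    """Design warned against: holding a ticket is treated as being authorized."""
    return ticket is not None


def explicit_service(ticket: Optional[Ticket], required_group: str) -> bool:
    """Fail-closed design: absent authorization data is detectable and denied."""
    if ticket is None or ticket.authz_groups is None:
        return False
    return required_group in ticket.authz_groups


def decision_matrix(client: str, allowed: Set[str],
                    groups: Dict[str, Iterable[str]], required: str) -> dict:
    """Access decision for one client under each KDC/service pairing."""
    return {
        "implicit+policy_kdc": implicit_service(policy_kdc(client, allowed)),
        "implicit+plain_kdc": implicit_service(plain_kdc(client)),
        "explicit+plain_kdc": explicit_service(plain_kdc(client), required),
        "explicit+pac_kdc": explicit_service(pac_kdc(client, groups), required),
    }
```

The `implicit+plain_kdc` entry is the only one that changes with the KDC in use: the implicit service grants access to an unauthorized client as soon as it is deployed against a KDC that lacks the policy plugin.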