An alternative plan for principal mapping

Sam Hartman hartmans at MIT.EDU
Thu Aug 10 17:58:57 EDT 2006

>>>>> "greg" == greg  <greg at> writes:

    greg> On Aug 3, 11:27am, "Henry B. Hotz" wrote: } Subject: Re: An
    greg> alternative plan for principal mapping

    greg> Good day, hope everyone's week is going well.

    >> On Aug 2, 2006, at 7:35 PM, Sam Hartman wrote:

    >> > It's important that we don't create a situation where
    >> services expect > the KDC to perform authorization checks and
    >> fail insecurely if that > does not happen.
    >> >
    >> > PAC like behavior is fine because a service can tell if the
    >> PAC is not > present.  However something where a service
    >> expects a KDC only to > grant tickets to authorized users would
    >> be a really bad idea, because > it would mean the service is
    >> only secure with certain KDCs.
    >> >
    >> > --Sam

    >> That's a very correct technical position to take.  That's why I
    >> called attention to the issue.

    greg> Correct technically but incorrect from a pragmatic
    greg> implementation perspective.

Pragmatically, I want to be able to choose a KDC from a vendor of my
choice.  That means that the KDC needs to make it clear to me as an
application server what if any vetting it has done, and that I as an
application server must reject the ticket if it does not include the
appropriate checks.


More information about the krbdev mailing list