An alternative plan for principal mapping
Sam Hartman
hartmans at MIT.EDU
Thu Aug 10 17:58:57 EDT 2006
>>>>> "greg" == greg <greg at enjellic.com> writes:
greg> On Aug 3, 11:27am, "Henry B. Hotz" wrote: } Subject: Re: An
greg> alternative plan for principal mapping
greg> Good day, hope everyone's week is going well.
>> On Aug 2, 2006, at 7:35 PM, Sam Hartman wrote:
>> > It's important that we don't create a situation where
>> services expect > the KDC to perform authorization checks and
>> fail insecurely if that > does not happen.
>> >
>> > PAC like behavior is fine because a service can tell if the
>> PAC is not > present. However something where a service
>> expects a KDC only to > grant tickets to authorized users would
>> be a really bad idea, because > it would mean the service is
>> only secure with certain KDCs.
>> >
>> > --Sam
>> That's a very correct technical position to take. That's why I
>> called attention to the issue.
greg> Correct technically but incorrect from a pragmatic
greg> implementation perspective.
Pragmatically, I want to be able to choose a KDC from a vendor of my
choice. That means that the KDC needs to make it clear to me as an
application server what if any vetting it has done, and that I as an
application server must reject the ticket if it does not include the
appropriate checks.
--Sam
More information about the krbdev
mailing list