RX Kerberos 5 security class requirements of Kerberos library

Douglas E. Engert deengert at anl.gov
Wed Jan 3 11:03:04 EST 2007

Sam Hartman wrote:
>>>>>> "Jeffrey" == Jeffrey Altman <jaltman at secure-endpoints.com> writes:
>     Jeffrey> Before I submit a patch, is the concept of
>     Jeffrey> krb5_generate_creds_with_keytab something that MIT and
>     Jeffrey> Heimdal would accept?  If so, a patch can be ready in a
>     Jeffrey> few hours.
> I'm very uncomfortable with this.  IT takes the KDC out of the loop
> for generating service tickets.  I'm not sure how it will interact
> with future plans for use of authorization data, ticket extensions,
> etc.

I wish that a routine like this was available many years ago. In effect 
it lets an application issue tickets for itself. It might have used a 
different method for authentication. This is what krb524d -k or krb525d 
is doing.

It is also what gssklog does, but it is still issuing a K4 ticket just 
for AFS. This routine would make it easier it to issue K5 tickets. 
gssklogd can used K5 or GSI for authentication.

> --Sam
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev


  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list