RX Kerberos 5 security class requirements of Kerberos library
Douglas E. Engert
deengert at anl.gov
Wed Jan 3 11:03:04 EST 2007
Sam Hartman wrote:
>>>>>> "Jeffrey" == Jeffrey Altman <jaltman at secure-endpoints.com> writes:
>
> Jeffrey> Before I submit a patch, is the concept of
> Jeffrey> krb5_generate_creds_with_keytab something that MIT and
> Jeffrey> Heimdal would accept? If so, a patch can be ready in a
> Jeffrey> few hours.
>
> I'm very uncomfortable with this. IT takes the KDC out of the loop
> for generating service tickets. I'm not sure how it will interact
> with future plans for use of authorization data, ticket extensions,
> etc.
I wish that a routine like this was available many years ago. In effect
it lets an application issue tickets for itself. It might have used a
different method for authentication. This is what krb524d -k or krb525d
is doing.
It is also what gssklog does, but it is still issuing a K4 ticket just
for AFS. This routine would make it easier it to issue K5 tickets.
gssklogd can used K5 or GSI for authentication.
>
> --Sam
>
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the krbdev
mailing list