RX Kerberos 5 security class requirements of Kerberos library
jaltman at secure-endpoints.com
Wed Jan 3 12:00:53 EST 2007
Nicolas Williams wrote:
> Well, no, I'm saying that for localauth AFS should use OS facilities,
> not Kerberos or any other security mechanism. And I'm saying that a
> Kerberos-based PSK mechanism should be more general if there will be one
> at all.
>> We can enforce the localauth case by how the client keytab is used.
The API will check that there exists a client keytab entry for the
specified client principal.
This way the function can only be used for localauth and cannot be used
to specify an
arbitrary client name to the service whose key is in the service keytab.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20070103/87172168/attachment.bin
More information about the krbdev