RX Kerberos 5 security class requirements of Kerberos library
Jeffrey Altman
jaltman at secure-endpoints.com
Wed Jan 3 12:00:53 EST 2007
Nicolas Williams wrote:
> Well, no, I'm saying that for localauth AFS should use OS facilities,
> not Kerberos or any other security mechanism. And I'm saying that a
> Kerberos-based PSK mechanism should be more general if there will be one
> at all.
>
>> We can enforce the localauth case by how the client keytab is used.
>
> ?
>
The API will check that there exists a client keytab entry for the
specified client principal.
This way the function can only be used for localauth and cannot be used
to specify an
arbitrary client name to the service whose key is in the service keytab.
Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20070103/87172168/attachment.bin
More information about the krbdev
mailing list