RX Kerberos 5 security class requirements of Kerberos library

Nicolas Williams Nicolas.Williams at sun.com
Wed Jan 3 11:50:34 EST 2007


On Tue, Jan 02, 2007 at 05:50:35PM -0500, Marcus Watts wrote:
> Various wrote lots of stuff regarding what Nico describes as:
> ...
> > I think you're proposing an API that allows one to use the Kerberos V AP
> > exchange as a pre-shared symmetric key authentication mechanism.
> ...
> I'm not sure that's quite how I'd say it, but it's a start.
> 
> I don't think the context for this was completely described.
> The purpose of this is to implement afs "-localauth" semantics.

But what platforms does AFS run on that don't provide getpeerid()/
getpeerucred()/SCM_RIGHTS or other equivalent local "authentication"
facilities??  Why create a PSK mechanism for purely local purposes that
others will then misuse?

Nico
-- 


