RX Kerberos 5 security class requirements of Kerberos library

Jeffrey Hutzelman jhutz at cmu.edu
Mon Jan 8 18:59:03 EST 2007

On Wednesday, January 03, 2007 12:51:54 AM +0100 Love Hörnquist Åstrand 
<lha at kth.se> wrote:

> rx can't use in the general case kerberos messags anyway because of
> size limitations
> in the crypto/auth hand-shake.
> Creating a "rxk5" token that can exchanged over clear-text rx rpc's
> protected
> with kerberos 5 messages is IMO the way forward.

That's the rxgk approach.  The rxk5 approach is for tokens to be real 
Kerberos tickets, which can be obtained in the usual fashion without an 
additional out-of-band exchange.  Without going into too much detail on 
this list, both designs have their advantages.

-- Jeff

More information about the krbdev mailing list