RX Kerberos 5 security class requirements of Kerberos library
Jeffrey Hutzelman
jhutz at cmu.edu
Mon Jan 8 18:59:03 EST 2007
On Wednesday, January 03, 2007 12:51:54 AM +0100 Love Hörnquist Åstrand
<lha at kth.se> wrote:
> rx can't use in the general case kerberos messags anyway because of
> size limitations
> in the crypto/auth hand-shake.
>
> Creating a "rxk5" token that can exchanged over clear-text rx rpc's
> protected
> with kerberos 5 messages is IMO the way forward.
That's the rxgk approach. The rxk5 approach is for tokens to be real
Kerberos tickets, which can be obtained in the usual fashion without an
additional out-of-band exchange. Without going into too much detail on
this list, both designs have their advantages.
-- Jeff
More information about the krbdev
mailing list