Using Kerberos for authenticating the distribution of controlled substances, etc.
Jeffrey Altman
jaltman at secure-endpoints.com
Thu Jul 19 08:06:38 EDT 2007
Henry B. Hotz wrote:
> In the interest of not re-inventing wheels where possible: remember
> the "initial" flag and its use with password changing. From an
> application standpoint is it sufficient to require "initial" service
> tickets and enforce a short ticket lifetime (e.g. 5 min.)? That
> doesn't address client/UI issues, of course.
I don't know how we can make use of initial service tickets in
conjunction with GSS-API.
Nor do I know what the UI and API for generating the dialogs should look
like yet. The requirement that individual authentications for multiple
users within the same application makes things very interesting.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20070719/4d9ce533/attachment.bin
More information about the krbdev
mailing list