GSSAPI - context lifetime
Nicolas.Williams at sun.com
Thu May 29 17:50:29 EDT 2008
On Thu, May 29, 2008 at 04:45:22PM -0500, Nicolas Williams wrote:
> On Thu, May 29, 2008 at 02:23:09PM -0700, Russ Allbery wrote:
> > Because all products of a Kerberos authentication should be tied to a
> > ticket lifetime. Otherwise, the ticket lifetime isn't meaningfully
> > enforced; someone who obtains a ticket at some point could authenticate to
> > a service and simply stay authenticated, and there would be no good way of
> > rejecting their later operations.
> You'd think. And I agree.
Well, I just disagreed with me.
More information about the krbdev