[8] in Kerberos
Re: Kerberos Support for Remote Serv
jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)
Sun Aug 9 21:12:37 1987
From Saltzer@ATHENA.MIT.EDU Sat Jun 14 10:42:47 1986
Date: Sat, 14 Jun 86 10:40:10 EDT
Subject: re: Kerberos Support for Remote Services, Project Description (long)
To: Mark Colan <mtc@ATHENA.MIT.EDU>
Cc: geer@athena.mit.edu, bcn@athena.mit.edu, spm@athena.mit.edu,
charlie@athena.mit.edu, noah@athena.mit.edu, jis@athena.mit.edu
In-Reply-To: Mark Colan <mtc@ATHENA.MIT.EDU>'s message of Mon, 09 Jun 86 16:24:04 -0500
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
Originating-Client: <Saltzer-PC>
> > What is "vxlogin"?
>
> As bcn stated, it is (at present) a utility which creates the tickets.
Where did the IBM people go? Who let a name like that into Athena?
Are all logins to a VAX? Come on, guys, change its name. (Drop the
"v").
> a. A kerberos name is placed in the ticket by vxlogin. This name may or
> may not be the same as the client's local username; a translation is
> performed by the server (via antoln) which takes the kerberos name
This approach sounds good, but it just pushes the problem back to
whoever has to implement antoln. (Which would be better named
an_to_ln.) Are there any good ideas on how that function should be
implemented in the long run?
> You've probably noticed that the current scheme calls for the creation of
> a large number of service keys: one for each type of service available on
> each host.
It certainly seems to me that rsh, rcp, and rlogin should be handled
as one service and thus use one service key.
Jerry
