[14932] in Kerberos
Re: Is this a job for Kerberos?
daemon@ATHENA.MIT.EDU (Michael Thomas)
Wed Aug 1 17:53:02 2001
From: Michael Thomas <mike@mtcc.com>
Message-ID: <v7zo9jqx6w.fsf@fasolt.mtcc.com>
Date: 1 Aug 2001 14:36:55 -0700
To: kerberos@MIT.EDU
kenh@cmf.nrl.navy.mil (Ken Hornstein) writes:
> >A Cisco router may be able to act as a Kerberos client or a service.
> >It cannot be a KDC.
>
> I suppose you _could_ cram a KDC into IOS (if you had the source to IOS,
> that is), but I cannot think of a good reason why you'd want to.
I suppose that depends on how you view Kerberos
credentials. I've often thought that using
tickets as a means pushing temporary credentials
around may be quite a useful thing for services
that are localized -- sort of along the lines of
PKTAPP. Another might be for relaying credentials
which could be used as a sort of a group keying
mechanism. In those cases, the natural thing to do
would be for the server-like thing to act like a
KDC.
--
Michael Thomas (mike@mtcc.com http://www.mtcc.com/~mike/)
Multi-mode fiber with an optical splitter |
B G P sessions conFIGGED not to litter | My Fav'rite 'Net Things
Reverting from A T M back to I P | by kc claffy, CAIDA
These are a few of my fav'rite `Net things |
