[27904] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Kerberos for authentication, php for authorization

daemon@ATHENA.MIT.EDU (Michael B Allen)
Fri Jun 8 13:59:02 2007

Date: Fri, 8 Jun 2007 13:58:46 -0400
From: Michael B Allen <mba2000@ioplex.com>
To: kerberos@mit.edu
Message-Id: <20070608135846.a3bd4258.mba2000@ioplex.com>
In-Reply-To: <7572B0B3-65FE-483F-AE69-3525D0B6AFFF@sxw.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Fri, 8 Jun 2007 18:14:38 +0100
Simon Wilkinson <simon@sxw.org.uk> wrote:

> Aside: If you're using a single, general purpose, keytab you almost  
> certainly _don't_ want the GSS_C_NO_CREDENTIAL behaviour - you want  
> to be sure that your ssh service will only accept 'host/' principals,  
> for example.

Ahh, ok. But why is using GSS_C_NO_CREDENTIAL a problem exactly? If the
key is good the key is good no?

Mike

-- 
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[27904] in Kerberos

Re: Kerberos for authentication, php for authorization

daemon@ATHENA.MIT.EDU (Michael B Allen)Fri Jun 8 13:59:02 2007

daemon@ATHENA.MIT.EDU (Michael B Allen)
Fri Jun 8 13:59:02 2007