[29059] in Kerberos
Re: Fw: SSO with telnet/rlogin/rsh
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Tue Jan 15 15:24:09 2008
Message-Id: <200801152023.m0FKNAxV014796@ginger.cmf.nrl.navy.mil>
To: kerberos@mit.edu
In-Reply-To: <87lk6qj2mz.fsf@windlord.stanford.edu>
Date: Tue, 15 Jan 2008 15:23:10 -0500
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
>I think AFS uses the correct model. Credentials are really an attribute
>of the user and for the best security should be tracked by the kernel like
>any other security attribute of the user (UID, GID, supplemental groups,
>capabilities, etc.). But that gets into really nasty cross-platform
>issues, not to mention annoying kernel licensing issues.
AFS makes this easier by not having to actually do any Kerberos on the
client side, of course. I agree with you that it should be a kernel
attribute ... it's just that real life gets in the way.
--Ken