[305] in Kerberos
Authentication on remote machines
daemon@TELECOM.MIT.EDU (Clifford Neuman)
Thu Jan 28 20:07:54 1988
From: bcn@JUNE.CS.WASHINGTON.EDU (Clifford Neuman)
To: treese@ATHENA.MIT.EDU
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: treese@ATHENA.MIT.EDU's message of Wed, 27 Jan 88 18:02:54 EST <8801272302.AA26210@CIROCCO.MIT.EDU>
I may be answering the worng question here, since I wasn't present for
the discussion Win is following up, but anyway... Note that whatever
mechanism you come up with for your remaining timesharing systems will
get used in other circumstances also. Especially when Kerberos gets
outside MIT. As such, the host one is connecting to will not always
be trusted, and the user might not always want to give his password.
As such, it must be possible for a user to choose not to give his
password.
Ideally, one would not have to give the remote system his password.
Instead, rlogin could obtain a new ticket granting ticket for the user
that is good from the remote address, it could then send that along with
necessary session key, encrypted, to the remote system.
~ Cliff
