[313] in Kerberos
rlogin
daemon@TELECOM.MIT.EDU (Clifford Neuman)
Fri Jan 29 16:53:58 1988
From: bcn@JUNE.CS.WASHINGTON.EDU (Clifford Neuman)
To: kerberos@ATHENA.MIT.EDU
In-Reply-To: Theodore Ts'o's message of Fri, 29 Jan 88 11:32:39 EST <8801291632.AA22179@THOR.MIT.EDU>

If I recall correctly, there is a field in the ticket for privileges
(flags). I don't think this field has ever been used though. How
about using one of these bits in the ticket granting ticket to
indicate that one can use it to obtain a new ticket granting ticket
for a new address? When a request is received for a new ticket
granting ticket at a different IP address, the ticket granting server
uses the bit in the existing ticket granting ticket to decide whether
to return the response encrypted in the user's key or the session key.

As to how to decide what type of ticket to initially issue a user, one
can base it on who the user is, recording the default in the same
manner one could choose a default ticket lifetime. Alternatively, the
default could be decided by the local machine. If it is a public
workstation, one might be more careful than if it is the user's
personal machine. As for the possibility of someone changing the
software on a public workstation to get the other type of ticket, if
they do this, they might as well have it record the password.
Finally, there should be a way for the user to override the default
when logging in, and as already mentioned, when rlogging in.

The final question is what type of ticket granting ticket should be
issued based on an existing ticket granting ticket. I propose the
same type (unless the user chooses to override the default). I can see
arguments both ways though.
~ Cliff
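
The decision logic proposed in the message above, modelled as an added example; it is not part of the original message or of the Kerberos sources. The flag name, types, function names and addresses are hypothetical or constructed, and it assumes that a set bit means the reply goes under the session key while a clear bit forces the user's key.

```c
#include <stdint.h>
#include <stdio.h>

/* All names here are hypothetical; they are not taken from the Kerberos sources. */
#define TKT_FLAG_NEW_ADDR_OK 0x01  /* assumed bit: TGT may be exchanged for one at a new address */

enum reply_key { REPLY_SESSION_KEY, REPLY_USER_KEY };
enum choice    { CHOICE_DEFAULT, CHOICE_NO, CHOICE_YES };
struct tgt       { uint32_t addr; uint8_t flags; };
struct tgs_reply { struct tgt new_tgt; enum reply_key key; };

/* Initial login: an explicit user choice wins; otherwise the workstation's
 * default applies if it has one, else the default recorded for the user.
 * (This ordering is an assumption; the message offers the two as alternatives.) */
uint8_t initial_flags(enum choice user_default, enum choice host_default,
                      enum choice user_override)
{
    enum choice c = user_override != CHOICE_DEFAULT ? user_override
                  : host_default  != CHOICE_DEFAULT ? host_default
                  : user_default;
    return c == CHOICE_YES ? TKT_FLAG_NEW_ADDR_OK : 0;
}

/* TGS side: request for a new TGT for new_addr, presented with an existing TGT. */
struct tgs_reply tgs_new_tgt(const struct tgt *old, uint32_t new_addr,
                             enum choice user_override)
{
    struct tgs_reply r;
    int old_ok = (old->flags & TKT_FLAG_NEW_ADDR_OK) != 0;
    int want   = user_override == CHOICE_DEFAULT ? old_ok  /* same type as the old ticket */
                                                 : user_override == CHOICE_YES;
    r.new_tgt.addr  = new_addr;
    r.new_tgt.flags = want ? TKT_FLAG_NEW_ADDR_OK : 0;
    /* Session key only if the old ticket already carries the bit, or neither the
     * address nor the bit changes. Otherwise only the password holder can read
     * the reply. (Treating an added bit like a new address is an assumption.) */
    r.key = (old_ok || (new_addr == old->addr && !want))
          ? REPLY_SESSION_KEY : REPLY_USER_KEY;
    return r;
}

int main(void)
{
    /* Constructed case: public workstation default (NO) beats the user's default (YES). */
    struct tgt pub = { 0x12000001u, initial_flags(CHOICE_YES, CHOICE_NO, CHOICE_DEFAULT) };
    struct tgs_reply r = tgs_new_tgt(&pub, 0x12000002u, CHOICE_DEFAULT);
    printf("public workstation TGT, new address: reply under %s key\n",
           r.key == REPLY_USER_KEY ? "user's" : "session");
    return 0;
}
```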