[340] in Kerberos
re: Terminology
daemon@TELECOM.MIT.EDU (Jerome H. Saltzer)
Wed Mar 16 10:43:43 1988
To: bcn@JUNE.CS.WASHINGTON.EDU (Clifford Neuman)
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: bcn@june.cs.washington.edu (Clifford Neuman)'s message of Tue, 15 Mar 88 19:46:47 PST
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>

> I agree with Jennifer. It seems that the technical plan (dated 10
> April 1987), uses authenticator to refer to just the piece of data
> used to validate the ticket. Where both the ticket and the
> authenticator are needed it says that both are sent. It does not name
> the combination. This means that the only thing that doesn't
> necessarily agree with this naming convention is a few references in
> the code. Since many people have the Usenix paper, and quite a few
> people have the technical plan, I think we should stick with that
> terminology.

The more recent draft (December 22, 1987) of the Technical Plan
section follows this usage also. So far, I think everyone is in
agreement that naming the thing that Kerberos sends back the ticket,
and naming the thing that is added to a ticket the authenticator is
the right approach.

But this approach does leave one loose end beyond the code itself.
The man page for the kerberos library [Kerberos(3)] has to name the
structure that contains the ticket and the authenticator. The
pointer to that structure is of type KTEXT and instances are
currently named "authent" and "ticket" in synopses for {mk_ap_req,
rd_ap_req} and {retrieve}, respectively. And the text says things
like, "rd_ap_req takes an authenticator of type KTEXT, . . ." Under
the agreed-upon convention, both labels are inappropriate. And
unfortunately, these particular labels are visible to the application
programmer.

I suppose the thing to do is to rename the documentation variable,
e.g., to tkt_auth, and to revise the text to say things such as
"rd_ap_req takes a structure tkt_auth of type KTEXT that contains a
ticket and an authenticator. . ."

Jerry