[47] in Kerberos
Re: caucus (propagation to servers)
jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)
Sun Aug 9 21:19:23 1987
From treese@ATHENA.MIT.EDU Wed Aug 13 13:10:18 1986
From: Win Treese <treese@ATHENA.MIT.EDU>
Date: Wed, 13 Aug 86 13:07:08 EDT
To: Dan Geer <geer@ATHENA.MIT.EDU>
Cc: bcn@ATHENA.MIT.EDU, fhsu@ATHENA.MIT.EDU, jis@ATHENA.MIT.EDU,
mike@ATHENA.MIT.EDU, ostlund@ATHENA.MIT.EDU, kerberos@ATHENA.MIT.EDU
In-Reply-To: Dan Geer's message of Sat, 9 Aug 86 00:23:10 EDT
Subject: Re: caucus (propagation to servers)
Us-Snail: E40-342B, 1 Amherst St, Cambridge, MA 02139
I think we need to distinguish two classes of servers:
1. Highly secure ones (such as kerberos)
2. Standard services (such as post office, name service (Hesiod), etc.)
In the secure case, we have to leave them out in order to protect them.
kerberos, for example, should not trust hector for the passwd file propagation.
Other servers, such as the post office, can safely trust hector and
receive a passwd file, though we probably need a careful definition of
which accounts get propagated to them. This class includes RVD servers,
as well.
Win
