[7272] in Kerberos


Re: Kerberized RCP

daemon@ATHENA.MIT.EDU (Mark Champine)
Tue May 14 11:17:37 1996

To: Jeff Dietz <jdietz@baynetworks.com>
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "Mon, 13 May 1996 15:38:03 EDT."
             <31978F9B.167EB0E7@baynetworks.com> 
Date: Tue, 14 May 1996 11:04:40 -0400
From: Mark Champine <champine@apollo.hp.com>

jeff dietz wrote:
> If I have two workstations, Fred and Barney, and I am logged into Fred
> and wish to use (kerberized) rcp to copy a file from Barney to Fred,
> does Barney end up sending a message to the ticket-granting service for
> a new session key, the session being the act of writing from Barney to
> Fred's file system?  

No.  Barney only has a "server key" in its keytab, which doesn't
change, and never contacts the TGS.

How does Barney get the session key?

It is the rcp on Fred that contacts the TGS for a service ticket
(unless there's one in Fred's cache), not the remshd on Barney. 

This ticket, obtained by Fred, contains the session key for use by
Fred and Barney. It is encrypted in the same key that's in Barney's
keytab. Fred sends the ticket to Barney. Barney decrypts the ticket to
get the session key.

I'm leaving out a lot. See:

http://nii.isi.edu/publications/kerberos-neuman-tso.html

M.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Mark Champine champine@apollo.hp.com 508-436-4292 Fax 508-436-5122 
Hewlett-Packard  CHR-03-CE  300 Apollo Drive  Chelmsford, MA 01824
Networked Computing Division, DCE Security
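
The exchange described in the message above, as an added example that is not part of the original post or of any Kerberos implementation. The principal names, the `TGS` class and the `seal`/`unseal` helpers are constructed for illustration, the cipher is a toy stand-in for a real Kerberos encryption type, and the authenticator and timestamps are left out.

```python
import hashlib, hmac, json, os

def _keys(key):  # derive separate encryption and MAC keys from one key
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _stream(key, nonce, n):  # SHA-256 counter-mode keystream (toy cipher)
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):  # toy encrypt-then-MAC, NOT a real Kerberos enctype
    ke, km = _keys(key)
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(ke, nonce, len(pt))))
    return nonce + ct + hmac.new(km, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ke, km = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(km, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(ke, nonce, len(ct)))))

class TGS:  # hypothetical ticket-granting service holding each server key
    def __init__(self, service_keys):
        self.service_keys, self.callers = service_keys, []

    def issue(self, client, service, tgs_session_key):
        self.callers.append(client)        # record who contacted the TGS
        sk = os.urandom(16).hex()          # fresh session key for this pair
        ticket = seal(self.service_keys[service], {"client": client, "key": sk})
        reply = seal(tgs_session_key, {"service": service, "key": sk})
        return ticket, reply               # ticket is opaque to the client

def fred_rcp(tgs, tgs_session_key, cache, service):
    if service not in cache:               # ask the TGS only on a cache miss
        ticket, reply = tgs.issue("jdietz", service, tgs_session_key)
        cache[service] = (ticket, unseal(tgs_session_key, reply)["key"])
    return cache[service]

def barney_remshd(keytab_key, ticket):     # uses only the keytab, no TGS call
    t = unseal(keytab_key, ticket)
    return t["client"], t["key"]

def demo():
    barney_key, fred_tgs_key = os.urandom(16), os.urandom(16)  # constructed keys
    tgs, cache = TGS({"host/barney": barney_key}), {}
    ticket, fred_sk = fred_rcp(tgs, fred_tgs_key, cache, "host/barney")
    fred_rcp(tgs, fred_tgs_key, cache, "host/barney")  # second copy: cache hit
    client, barney_sk = barney_remshd(barney_key, ticket)
    return fred_sk == barney_sk, client, tgs.callers
```

`demo()` shows both ends holding the same session key while the TGS saw a single request, from the client side only.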