[32859] in Kerberos


Re: service that communicates with different KDCs

daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Nov 5 10:56:54 2010

From: Greg Hudson <ghudson@mit.edu>
To: Ben <benkwint@gmail.com>
In-Reply-To: <62420e4e-37f4-4a4f-af76-9cffc67fbf98@26g2000yqv.googlegroups.com>
Date: Fri, 05 Nov 2010 10:56:46 -0400
Message-ID: <1288969006.2633.1007.camel@ray>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>

On Thu, 2010-11-04 at 06:53 -0400, Ben wrote:
> The problem is that it's a webservice that
> possibly needs to communicate with different KDCs.

Kerberos services don't actually need to communicate with KDCs unless
they also act as Kerberos clients for some reason.

> Is it possible to allow this application to
> authenticate users from different KDCs?

Yes, this is possible.

> My main concern is that you need time synchronisation, which is quite
> difficult if multiple clients want to use their own KDC server.

One would hope that all of the KDCs are within a few seconds of the
correct time.

