Re: Ticket extensions in Kerberos revisions
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Wed May 3 19:26:57 2000
Date: Wed, 3 May 2000 14:40:10 -0400
From: Nicolas Williams <firstname.lastname@example.org>
To: Ken Hornstein <email@example.com>
Cc: Nicolas Williams <firstname.lastname@example.org>, cat-ietf@MIT.EDU,
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <200005031833.OAA26155@ginger.cmf.nrl.navy.mil>; from email@example.com on Wed, May 03, 2000 at 02:33:24PM -0400
On Wed, May 03, 2000 at 02:33:24PM -0400, Ken Hornstein wrote:
> >So that you can install and run third party software without full
> >privileges but which can nevertheless obtain privileges properly
> >delegated to it.
> Uhh ... what?
> If you're talking about "delegation", that's handled _completely_
> differently. That's already been standardized, and everyone knows how
> to do that.
Not just delegation of Kerberos tickets.
How does a Unix daemon become some user on behalf of which it needs to
perform some service when the service itself does not run as that user
or as root?
The answer is: run the server as root.
In Windows 2000 you don't have to do that. I think it's a security
advantage not to have to run services with privileges, though it's not
a perfect solution wrt untrusted software.
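The Unix mechanism the message refers to, as an added example that is not part of the original thread: a service that must act as an arbitrary user calls setgid()/setuid(), which the kernel allows only with an effective uid of 0, so the service ends up running as root. The code assumes a POSIX system; the uid 65534 in main is a constructed placeholder for "nobody".

```c
/* Added example (not from the mailing-list thread): the Unix privilege
 * switch the message describes. become_user() performs the switch in the
 * safe order, refuses up front when the caller lacks root rather than
 * failing half-way, and verifies that the switch is one-way. */
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Switch the calling process to uid/gid. Returns 0 on success, -1 with errno
 * set on failure. Asking for the identity already held is a no-op, so an
 * unprivileged service can still "become" itself. */
int become_user(uid_t uid, gid_t gid)
{
    if (uid == getuid() && gid == getgid() && geteuid() == uid)
        return 0;                        /* already that user, nothing to do */
    if (geteuid() != 0) {
        errno = EPERM;                   /* the thread's point: no root, no switch */
        return -1;
    }
    /* Order matters: supplementary groups and gid while still root, the uid
     * last, because setuid() discards the ability to do the rest. */
    if (setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* setuid() called as root also clears the saved uid, so root must not be
     * recoverable afterwards. Verify rather than assume. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EACCES;                  /* switch was reversible: treat as failure */
        return -1;
    }
    return 0;
}

int main(void)
{
    uid_t target = 65534;                /* constructed: typical "nobody" uid */
    if (become_user(target, target) == 0)
        printf("now uid %u; root is gone for good\n", (unsigned)getuid());
    else
        perror("become_user");           /* EPERM when started without root */
    return 0;
}
```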