[476] in Kerberos_Protocol

home help back first fref pref prev next nref lref last post

Re: Ticket extensions in Kerberos revisions

daemon@ATHENA.MIT.EDU (Rich Salz)
Wed May 3 22:07:17 2000

Date: Wed, 3 May 2000 22:07:00 -0400 (EDT)
From: Rich Salz <salzr@certco.com>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: cat-ietf@MIT.EDU, krb-protocol@MIT.EDU
In-Reply-To: <200005031814.OAA25915@ginger.cmf.nrl.navy.mil>
Message-Id: <Pine.BSI.3.96.1000503220152.26463F-100000@haggis.ma.certco.com>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

> Maybe this is a MS thing - but explain to me again why the non-system service
> needs the ability to become the remote user?

So that it can be a non-system service. :)

It means that the server-writer doesn't have to emulate all the permission
checks that the operating system would normally do. That kind of thing
is error-prone and risky.
	/r$


home help back first fref pref prev next nref lref last post