in Kerberos_Protocol
Re: Ticket extensions in Kerberos revisions
daemon@ATHENA.MIT.EDU (Rich Salz)
Wed May 3 22:07:17 2000
Date: Wed, 3 May 2000 22:07:00 -0400 (EDT)
From: Rich Salz <firstname.lastname@example.org>
To: Ken Hornstein <email@example.com>
Cc: cat-ietf@MIT.EDU, krb-protocol@MIT.EDU
Content-Type: TEXT/PLAIN; charset=US-ASCII
> Maybe this is a MS thing - but explain to me again why the non-system service
> needs the ability to become the remote user?
So that it can be a non-system service. :)
It means that the server-writer doesn't have to emulate all the permission
checks that the operating system would normally do. That kind of thing
is error-prone and risky.