[490] in Kerberos_Protocol


Re: Section 1 Kerberos Revisions for comment

daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Aug 3 09:49:26 2000

To: Clifford Neuman <bcn@ISI.EDU>
Cc: ietf-krb-wg@anl.gov, krb-protocol@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 03 Aug 2000 09:48:34 -0400
In-Reply-To: Clifford Neuman's message of "Wed, 2 Aug 2000 19:27:14 -0700 (PDT)"
Message-ID: <tsld7jqa219.fsf@sweet-transvestite.mit.edu>

In section 1.2, you have the following text:



 When utilizing the name canonicalization function provided by the
 Kerberos server, the client can make a request providing just the
 service principal name (which may be one of several used by a service)
 and requesting name canonicalization from the Kerberos server. The
 Kerberos server will attempt to locate a service principal in its
 database that best matches the request principal or provide a referral
 to another Kerberos realm that may contain the requested service
 principal.


This implies that I could use the Kerberos database as a service
directory, asking for the fileserver simply by asking for the
fileserver principal and then decomposing the result to get a name.
The Kerberos protocol should not be in the business of service
location.  SLP or SRV records or numerous other protocols in the IETF
already do a better job of this task.


