Re: Section 1 Kerberos Revisions for comment
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Aug 3 09:49:26 2000
To: Clifford Neuman <bcn@ISI.EDU>
Cc: email@example.com, krb-protocol@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 03 Aug 2000 09:48:34 -0400
In-Reply-To: Clifford Neuman's message of "Wed, 2 Aug 2000 19:27:14 -0700 (PDT)"

In section 1.2, you have the following text:

> When utilizing the name canonicalization function provided by the
> Kerberos server, the client can make a request providing just the
> service principal name (which may be one of several used by a service)
> and requesting name canonicalization from the Kerberos server. The
> Kerberos server will attempt to locate a service principal in its
> database that best matches the request principal or provide a referral
> to another Kerberos realm that may be contain the requested service

This implies that I could use the Kerberos database as a service
directory, asking for the fileserver simply by asking for the
fileserver principal and then decomposing the result to get a name.

The Kerberos protocol should not be in the business of service
location. SLP or SRV records or numerous other protocols in the IETF
already do a better job of this task.