[94] in Zephyr_Bugs
Authentication using a remote realm
daemon@ATHENA.MIT.EDU (Derek Atkins)
Fri Aug 24 21:00:33 1990
To: bug-zephyr@MIT.EDU
Cc: warlord@MIT.EDU
Date: Fri, 24 Aug 90 21:00:18 EDT
From: Derek Atkins <warlord@MIT.EDU>

If you are authenticated to Kerberos in a remote realm, and then try to
send a zephyr message, the message comes Unauthentic, even though you
have a ticket. Moreover, you DO get a zephyr.zephyr@ATHENA.MIT.EDU ticket,
but the message is still unauthentic.

My idea about this is that the Hostmanager adds the zephyr realm to the user,
and that is a compile-time definition. Since the hostmanager was set to
the ATHENA.MIT.EDU realm, but the ticket was for CS.BERKELEY.EDU, it
came unauthentic, even though there was a ticket.

Probably the hostmanager should check the principal and verify that it is
the same as the realm, or it should change the user realm to reflect the
Kerberos principal. Since the purpose is authentication, the hostmanager
shouldn't assume the realm of the user, even though it assumes what realm
IT is in...

-derek
--warlord
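
Added example, not part of the original message and not Zephyr source code: a minimal C model of the behaviour the report hypothesises (sender qualified with a compile-time realm) beside the suggested alternative (realm taken from the authenticated principal). The function names, the `name@REALM` string form and the sample sender `warlord` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Compile-time realm of the server side, as described in the report. */
#define LOCAL_REALM "ATHENA.MIT.EDU"

/* Hypothesised behaviour: qualify an unqualified sender with the compile-time
 * realm, then compare with the Kerberos-authenticated principal. */
int auth_assumed_realm(const char *claimed, const char *krb_principal)
{
    char full[256];
    if (strchr(claimed, '@'))
        snprintf(full, sizeof full, "%s", claimed);
    else
        snprintf(full, sizeof full, "%s@%s", claimed, LOCAL_REALM);
    return strcmp(full, krb_principal) == 0;
}

/* Suggested behaviour: the realm comes from the ticket, never from a default.
 * On success, out holds the realm-qualified identity to show the recipient. */
int auth_ticket_realm(const char *claimed, const char *krb_principal,
                      char *out, size_t outlen)
{
    const char *at = strrchr(krb_principal, '@');
    size_t namelen;
    if (!at || at == krb_principal || at[1] == '\0')
        return 0;                       /* malformed principal: unauthentic */
    namelen = (size_t)(at - krb_principal);
    if (strchr(claimed, '@')) {         /* qualified claim must match exactly */
        if (strcmp(claimed, krb_principal) != 0)
            return 0;
    } else if (strlen(claimed) != namelen ||
               strncmp(claimed, krb_principal, namelen) != 0) {
        return 0;                       /* name part differs */
    }
    snprintf(out, outlen, "%s", krb_principal);
    return 1;
}

int main(void)
{
    char who[256] = "";
    const char *ticket = "warlord@CS.BERKELEY.EDU";   /* constructed sample */
    printf("assumed realm: %d\n", auth_assumed_realm("warlord", ticket));
    printf("ticket realm:  %d (%s)\n",
           auth_ticket_realm("warlord", ticket, who, sizeof who), who);
    return 0;
}
```

In the second form the identity handed to the recipient is always realm-qualified, so a remote-realm sender is authenticated without being presented as the local user of the same name.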