[1708] in Kerberos
Re: cron jobs and ticket lifetimes
daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Fri Jan 10 16:39:46 1992
From: jon@MIT.EDU (Jon A. Rochlis)
To: linehan@watson.ibm.com (Mark Linehan)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of 08 Jan 92 20:58:45 +0000.
Date: Fri, 10 Jan 92 15:47:47 GMT
Most user's do not run cron jobs at MIT, much of our usage comes from
serial-resuable public workstations. Users who have workstations in
their offices may run cron jobs in two ways:
1) the jobs only use local resources and don't require
kerberos authentication
2) run as as pseudo user obtaining authentication by using a
key stored in a srvtab. This means that user id (e.g. rcmd.machine)
are only as secure as the workstation that holds their private
keys. We have been doing this for some servers and putting
rcmd.machine or whatever on AFS acls.
Version 5 Kerberos allows you to request tickets that start at a given
time in the future so it makes this a much easier problem to work.
-- Jon
