[1726] in Kerberos
Re: Management and Kerberos
daemon@ATHENA.MIT.EDU (Joe Pato)
Fri Jan 17 15:28:44 1992
From: pato@apollo.com (Joe Pato)
Date: Fri, 17 Jan 92 14:29:03 EST
To: sommerfeld@apollo.com (Bill Sommerfeld)
Cc: jon@MIT.EDU, lunt@ctt.bellcore.com, tardo@nac.enet.dec.com,
In-Reply-To: sommerfeld (Bill Sommerfeld), fri, 17 jan 92 10:37:03
From: jon@MIT.EDU (Jon A. Rochlis)
Date: Friday, January 17, 1992 5:14:46 am (EST)
Joe, 2 questions:
1) What does "local machine's principal name" mean? Does DCE require
each client *machine* to have an authentication identity?
No, if there isn't a key on the local machine, the DCE login routines
do not verify the KDC (because they're not able to).
This is true, but in practice most DCE client machines will be principals since
they run a number of services that are logically exported by the machine
principal (e.g., time service, file service). I would expect that certain
machines (e.g., diskless machines) will not fall into this class - and will
not have a principal identity.
- joe
-------
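The following sketch is an added example, not part of the original message and not DCE code. It models the point made in the thread: a login routine can check the answering KDC only if the local machine holds a key. The HMAC-sealed "ticket", the `ToyKDC` class, the principal name and the keys are all constructed assumptions, modeled on the general Kerberos practice of requesting a ticket for the machine's own principal.

```python
import hashlib
import hmac

def seal(key: bytes, payload: bytes) -> bytes:
    """Toy stand-in for a ticket encrypted under a principal's key: payload + HMAC tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Return the payload if the tag verifies under `key`, otherwise None."""
    payload, tag = blob[:-32], blob[-32:]
    good = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, good) else None

class ToyKDC:
    """Hypothetical KDC: seals tickets with whatever key its database holds."""
    def __init__(self, db):
        self.db = db

    def service_ticket(self, client: str, service: str) -> bytes:
        return seal(self.db[service], f"{client}->{service}".encode())

def verify_kdc(kdc, user, machine_principal, local_key):
    """Login-time check: can the answering KDC issue a ticket our machine key accepts?"""
    if local_key is None:
        # No key on the local machine: there is nothing to check the KDC against.
        return "unverified"
    ticket = kdc.service_ticket(user, machine_principal)
    expected = f"{user}->{machine_principal}".encode()
    return "verified" if unseal(local_key, ticket) == expected else "rejected"

# Constructed sample data (hypothetical principal name and keys).
MACHINE = "machine/ws1"
machine_key = hashlib.sha256(b"constructed machine key").digest()
real_kdc = ToyKDC({MACHINE: machine_key})
# A responder that does not hold the machine's real key.
impostor = ToyKDC({MACHINE: hashlib.sha256(b"some other key").digest()})

def demo():
    """Outcome for each combination of machine type and responder."""
    return {
        ("keyed machine", "real KDC"): verify_kdc(real_kdc, "jon", MACHINE, machine_key),
        ("keyed machine", "impostor"): verify_kdc(impostor, "jon", MACHINE, machine_key),
        ("no local key", "real KDC"): verify_kdc(real_kdc, "jon", MACHINE, None),
        ("no local key", "impostor"): verify_kdc(impostor, "jon", MACHINE, None),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

A machine without a local key gets the same "unverified" result from either responder, which is the situation the diskless-machine remark describes.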