[1735] in Kerberos

Re: protocol question

daemon@ATHENA.MIT.EDU (Joe Pato)
Tue Jan 21 17:30:21 1992

From: pato@apollo.com (Joe Pato)
Date: Tue, 21 Jan 92 16:31:19 EST
To: marantz@cs.rutgers.edu
Cc: whrahe@somnet.sandia.gov, kerberos@Athena.MIT.EDU
In-Reply-To: marantz@cs.rutgers.edu, tue, 21 jan 92 15:28:28

    Do you want (are you able?) to share ideas and/or code?  I don't see
    why the program(s) can't have policy control over who can do what
    where.
    
    Roy
    
I agree with this question.  The DCE User Registration service provides a
remote administration facility to manipulate the contents of the Kerberos
database.  All data manipulations are remote (and authenticated) - there is no
tool for direct manipulation of the database.  The database server implements
an ACL facility to allow fine-grained control over who can manipulate
individual fields of the database.

The DCE code is not public-domain, but it is available from the OSF and soon to
be available from many vendors in binary form.  The network interfaces for the
DCE services (including the User Registration service) will be published by
the OSF independently of the licensed code.

                    -- Joe Pato
                       Cooperative Object Computing Division / East
                       Hewlett-Packard Company
                       pato@apollo.hp.com

