[1759] in Kerberos


Restricted Proxies in Kerberos

daemon@ATHENA.MIT.EDU (pradym@microsoft.com)
Wed Feb 19 20:47:38 1992

To: kerberos@Athena.MIT.EDU
Date: Tue, 18 Feb 92 18:33:29 PDT
From: pradym@microsoft.com


According to the Kerberos docs (V5 R4) the authorization-data
field in the tickets can be used by the principals to pass
on the authorization data to the application service. This
data is application-service-specific, i.e. can only be
interpreted by that service. The spec also says that this
field can be used to issue proxies for a specific purpose.

This implies that each application service must possess the
capability to process (i.e. interpret, understand and act
upon) the data in this field. It also means that the client
must be aware of, a priori, the format and type of data
that can be passed in this field to a given service. How
do restricted proxies work in DCE, because DCE uses the
authorization-data field to transport a sealed privilege
attribute certificate?

I'd like to hear from those who have ported or written apps
that use this feature or plan to do so. I'd also like to
discuss the possibility of a library that handles all of
the proxy-related operations.

Thanks,
Prady.
pradym@microsoft.com
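
Added example, not part of the original message or of any Kerberos code: a sketch of the service-side processing the message describes, where the service walks the authorization-data elements, modelled as (ad-type, ad-data) pairs, and treats each as a restriction on the proxy. The ad-type numbers, payload encodings and all names are hypothetical, and refusing elements the service cannot interpret is this sketch's own choice.

```python
import posixpath
from dataclasses import dataclass

# Hypothetical ad-type numbers and payload encodings, private to this one service.
AD_ALLOWED_OPS = 1001   # payload: comma-separated operation names
AD_PATH_PREFIX = 1002   # payload: directory the proxy is confined to

@dataclass
class Request:
    operation: str
    path: str

def check_allowed_ops(data: bytes, req: Request) -> bool:
    return req.operation in data.decode("ascii").split(",")

def check_path_prefix(data: bytes, req: Request) -> bool:
    prefix = data.decode("ascii").rstrip("/")
    path = posixpath.normpath(req.path)   # collapse ".." before comparing
    return path == prefix or path.startswith(prefix + "/")

HANDLERS = {AD_ALLOWED_OPS: check_allowed_ops, AD_PATH_PREFIX: check_path_prefix}

def authorize(authorization_data, req):
    """Return (allowed, reason); every element is a restriction and all must pass."""
    for ad_type, ad_data in authorization_data:
        handler = HANDLERS.get(ad_type)
        if handler is None:
            # A restriction this service cannot interpret: refuse, do not ignore.
            return False, f"unknown ad-type {ad_type}"
        try:
            allowed = handler(ad_data, req)
        except ValueError:   # includes UnicodeDecodeError from a bad payload
            return False, f"malformed ad-type {ad_type}"
        if not allowed:
            return False, f"ad-type {ad_type} denies {req.operation} {req.path}"
    return True, "ok"

# Constructed sample: a proxy limited to reading under /home/alice/pub.
PROXY_AD = [(AD_ALLOWED_OPS, b"read,list"), (AD_PATH_PREFIX, b"/home/alice/pub")]

if __name__ == "__main__":
    for req in (Request("read", "/home/alice/pub/notes.txt"),
                Request("write", "/home/alice/pub/notes.txt"),
                Request("read", "/home/alice/pub/../.ssh/id_rsa")):
        print(req, authorize(PROXY_AD, req))
```

The handler table is what the client and the service must agree on in advance: a client can only build a restriction the service has a handler for.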
