[1806] in Kerberos
Questions about Kerberos Version 5: Attn: Ted T'so
daemon@ATHENA.MIT.EDU (Lorrayne Schaefer)
Fri Mar 13 13:07:48 1992
Date: Fri, 13 Mar 1992 16:04:42 GMT
From: lorrayne@smiley.mitre.org (Lorrayne Schaefer)
To: kerberos@shelby.Stanford.EDU
I was hoping you can answer some questions for me concerning Kerberos
version 5.
1. Do you know when the release date for Kerberos version 5 will be,
or when do you think beta testing will be over?
2. When will the updated RFC be available for version 5? I have 4.1
and understand that revision 5(?) will be available soon (I really
hope it's within a week or two because I would like to incclude it in
my paper's references).
Now for some slightly more difficult questions:
3. How does one remove a person's privileges from authorization data?
What if a principal who currently does not have access (or permission)
to file Y on system X (this is recorded as authorization data on the
principal's ticket) who later will have permission to access file Y on
system X? How is this reflected in the authorization data if no
authorization data is omitted when transferring authorization data
from the existing TGT to a new TGT?
4. In all of the papers I have read there is a description of a
three-way step towards authenticating a principal to a server. But,
there is no description of how the principal (let's say a server)
receives the private key or how Kerberos even knows that the server
exists or that the server even knows who the Kerberos server is. I
guess this should be called step zero: Establishing a private key.
Is the establishment of a private key done manually? by mail? face to
face? etc? I assume this is a system administration function where it
is done manually.
Lorrayne Schaefer
<lorrayne@smiley.mitre.org>
