[19060] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Manageability of larger networks

daemon@ATHENA.MIT.EDU (Dr. Greg Wettstein)
Mon Apr 14 09:19:02 2003

Message-Id: <200304141318.h3EDI1Xr005943@wind.enjellic.com>
From: greg@wind.enjellic.com (Dr. Greg Wettstein)
Date: Mon, 14 Apr 2003 08:18:01 -0500
In-Reply-To: Turbo Fredriksson <turbo@bayour.com>
       "Re: Manageability of larger networks" (Apr 13,  2:15pm)
To: Turbo Fredriksson <turbo@bayour.com>, kerberos@mit.edu
Reply-To: greg@enjellic.com
Errors-To: kerberos-bounces@mit.edu

On Apr 13,  2:15pm, Turbo Fredriksson wrote:
} Subject: Re: Manageability of larger networks

> It's been discussed before. Kerberos is a AUTHENTICATION
> system, not a AURHORIZATION system. For authorization,
> use LDAP (my personal favorite).
> 
> > What concept is usually used to manage separate
> > user groups in the Kerberos world?
> 
> You don't. You have principals. (dot, end, no more, ende
> etc).
> 
> For saying 'user/application x have access to y', use
> LDAP.

For those people interested in authorization vs. authentication I am
working out the details of a GPL release of the Hurderos architecture
which leverages both LDAP and Kerberos to provide, IMHO, a pretty
unique solution to the problem of fine-grained authorization.

After working on this for about 4 years I can underscore what Turbo is
saying, Kerberos is not the place to be dealing with authorization
issues.  Its an excellent authentication and symmetric key management
system which should be leveraged for its strengths and not complicated
with other issues.

}-- End of excerpt from Turbo Fredriksson

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-4950            WWW: http://www.enjellic.com
FAX: 701-281-3949           EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"We are confronted with insurmountable opportunities."
                                -- Walt Kelly
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
home help back first fref pref prev next nref lref last post