[24317] in Kerberos
Re: EAP-Kerberos
daemon@ATHENA.MIT.EDU (Saber Zrelli)
Mon Jul 18 17:08:35 2005
Date: Tue, 19 Jul 2005 03:12:21 +0900
From: Saber Zrelli <zrelli@jaist.ac.jp>
In-reply-to: <tslr7dwyj27.fsf@cz.mit.edu>
To: Sam Hartman <hartmans-ietf@mit.edu>
Message-id: <20050718181221.GD26064@mlserv.jaist.ac.jp>
MIME-version: 1.0
Content-type: text/plain; charset=euc-jp
Content-disposition: inline
cc: kerberos@mit.edu
cc: cmh@netsteady.cc
Errors-To: kerberos-bounces@mit.edu
Hi ,
In the IAKERB draft, the followins is said :
===========
6. The IAKERB proxy protocol :
...
The IAKERB proxy is responsible for locating an appropriate KDC using the realm
information in the KDC request message it received from the client.
...
============
I appologize for my misleading affirmation, The IAKERB proxy can
be used by the client to obtain cross realm ticket that can be used
in the visited realm.
I was referring to a KDC instead of an IAKERB proxy. My thoughts are
that these proxying functionalities should be moved to the KDC of
the visited realm. But this would be another topic that I wish to
start soon.
Best Regards,
Saber.
* On 21:55, Sun 17 Jul 05, Sam Hartman wrote:
> >>>>> "Saber" == Saber Zrelli <zrelli@jaist.ac.jp> writes:
>
> Saber> when some visiting user would like to connect to a foreign
> Saber> wireless network, In addition to the bootstrapping problem,
> Saber> the actual protocol defined by IAKERB does not allow the
> Saber> operator to authenticate the visiting user since he/she is
> Saber> not registered in the local DB. Hence there is need to
> Saber> extend the proxy properties to perform inter-realm
> Saber> operations (to communicate with the user's home realm ) for
> Saber> authenticating roaming users.
>
> For the record, I strongly disagree with the above.
>
> I don't have time to explain now, but will try to get to it reasonably soon.
--
Saber ZRELLI <zrelli@jaist.ac.jp>
Japan Advanced Institute of Science and Technology
Center of Information Science
Shinoda Laboratory
url : http://www.jaist.ac.jp/~zrelli
gpg-id : 0x7119EA78
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
