[2804] in Kerberos
Re: user-to-user protocol
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Fri Sep 10 01:42:28 1993
Date: Fri, 10 Sep 93 01:13:50 EDT
From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
To: tytso@ATHENA.MIT.EDU
Cc: Jim_Miller@suite.com, kerberos@MIT.EDU
In-Reply-To: Theodore Ts'o's message of Thu, 9 Sep 93 16:17:44 EDT,
After rereading my last posting, I realized I should have done better
proofing before sending out the text.
1) In all of the places where I wrote "Kerberos client", and "Kerberos
server", I should have used "Kerberos application client", and "Kerberos
application server" --- the use of "Kerberos server" was unfortunate,
since it could have been confused with the Kerberos KDC.
2) More importantly, in the following paragraph, the word "dependent",
really should have been "independent" --- this makes a significant
difference to its meaning, and should hopefully make more sense!
Your hypothesis that the Kerberos V5 routines are actually more general
than those proposed in the document is partially correct; it is always
the case that who takes on the role of the "Kerberos client" --- by
which I mean who calls mk_krb_req --- and who takes on the role of the
"Kerberos server" --- by which I mean who calls rd_krb_req --- is
dependent of who initiates the TCP connection. This is true both of
^^^^^^^^^
user-to-user authentication, as well as normal kerberos connection.
- Ted
