[36339] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: revocation feature in Kerberos

daemon@ATHENA.MIT.EDU (Booker Bense)
Sun Aug 3 14:34:17 2014

MIME-Version: 1.0
In-Reply-To: <82E7C9A01FD0764CACDD35D10F5DFB6E70F3EC@001FSN2MPN1-045.001f.mgd2.msft.net>
Date: Sun, 3 Aug 2014 11:33:58 -0700
Message-ID: <CAEGpuoid80bP2Gj2E8R4-341VyBryzxTRQHcMbnU3qH+eqWSAQ@mail.gmail.com>
From: Booker Bense <bbense@gmail.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

This whole conversation seems misguided to me. Kerberos is an
authentication system, not an authorization one. Access to a service is an
authorization issue. Since there is no universal authorization scheme for
kerberos applications, any workable revocation system will have to
build that first. That would be a very useful tool, but I'm afraid it might
be about 20 years too late.

- Booker C. Bense
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[36339] in Kerberos

Re: revocation feature in Kerberos

daemon@ATHENA.MIT.EDU (Booker Bense)Sun Aug 3 14:34:17 2014

daemon@ATHENA.MIT.EDU (Booker Bense)
Sun Aug 3 14:34:17 2014