[368] in Kerberos
Re: kerberos question
daemon@TELECOM.MIT.EDU (Jordan Hayes)
Tue Apr 19 18:53:51 1988
From: jordan@UCBARPA.BERKELEY.EDU (Jordan Hayes)
To: sdsu!vinge@UCSD.EDU
Cc: kerberos@ATHENA.MIT.EDU
From: sdsu!vinge@ucsd.edu (Vernor Vinge)
Why is it necessary to include the client's IP address in
the tickets and authenticators? Wouldn't the client's name
suffice?
I don't think there's a big problem just using the name, except
that it's probably easier to code using an IP address, since it's
a fixed length. The other problem is that you may not be able to
resolve the name correctly all the time. Probably it's just easier.
I'm not sure what the system does about gateways (those machines
that have more than one IP address), but it probably checks all
the addresses.
Why is it necessary to include the server's name in the
ticket?
To make sure you get the right server? You need to tell the
ticket-granting service which server you want, so I assume it's in
the initial request.
Who on the kerberos design-team is on this list?
/jordan
