[3869] in Kerberos
hierarchical realms
daemon@ATHENA.MIT.EDU (Joe Ramus)
Mon Sep 19 17:04:15 1994
Date: Mon, 19 Sep 94 13:44:58 PDT
From: ramus@nersc.gov (Joe Ramus)
To: kerberos@MIT.EDU
>> From warlord@MIT.EDU Mon Sep 19 13:13:12 1994
>> Return-Path: <warlord@MIT.EDU>
>> To: zhgpc@ubs.ch (Graber Patrick)
>> Cc: kerberos@MIT.EDU
>> Subject: Re: crash of a Kerberos server
>> In-Reply-To: [3860] in Kerberos
>> Date: Mon, 19 Sep 94 15:22:53 EDT
>> From: Derek Atkins <warlord@MIT.EDU>
>>
>> > Is it possible to built hierarchical realms?
>>
>> Well, I guess it depends on what you mean by hierarchical realms? I
>> believe the answer is "yes", but it depends on what you are trying to
>> accomplish. A realm is a realm, and the authorization of
>> warlord@ATHENA.MIT.EDU is not the same as the authorization of
>> warlord@MEDIA-LAB.MIT.EDU, which is not the same as the authorization
>> of warlord@LAB214.BELLCORE.COM or warlord@GZA.COM, even though I am
>> the person that owns those IDs.
>>
>> Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
The ESnet Kerberos Pilot Project has demonstrated how a ticket
from one realm can be "trusted" in another realm. This is the
concept of Cross Realm Authentication.
The "trust relationships" can be set up as hierarchical realms or
a configuration file may be used with non-hierarchical realm names.
----------------------------------------------------------------
| Joe Ramus NERSC Livermore (510) 423-8917 ramus@nersc.gov |
----------------------------------------------------------------
