[3889] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Master Slave Configuration Setup

daemon@ATHENA.MIT.EDU (Mark W. Eichin)
Wed Sep 21 20:07:44 1994

Date: Wed, 21 Sep 1994 11:41:16 +0500
From: "Mark W. Eichin" <eichin@MIT.EDU>
To: orion@iastate.edu (Phi H Truong)
Cc: kerberos@MIT.EDU
In-Reply-To: [3884]

Note that with the MIT code, the master must have a *primary* name of
"kerberos"; that's how they do authorization. (Authentication is done
with rcmd.)

CNS on the other hand uses the local krb.conf on the slave to do
authorization -- when the slave gets a kprop request, after it
authenticates it, it checks to see if that host is listed as an "admin
server" and if so, accepts it. This seperates the control issue, and
avoids the need for a special primary name.

								_Mark_


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[3889] in Kerberos

Re: Master Slave Configuration Setup

daemon@ATHENA.MIT.EDU (Mark W. Eichin)Wed Sep 21 20:07:44 1994

daemon@ATHENA.MIT.EDU (Mark W. Eichin)
Wed Sep 21 20:07:44 1994