[393] in Kerberos
"Postdated" tickets?
daemon@TELECOM.MIT.EDU (Zalman Stern)
Tue Jun 14 00:13:59 1988
From: Zalman Stern <zs01+@andrew.cmu.edu>
To: kerberos@ATHENA.MIT.EDU
Is it possible to ask Kerberos for a ticket that is valid between two times in
the future? That is, good from say 10 hours from now until 20 hours from now?
If not, are there any inherent security problems in doing this?
I think it should be possible to exchange the times the ticket is valid for
over an authenticated connection so snoops wouldn't even know when the ticket
can be used. This might increase security slightly.
The reason I ask is because I have an idea for an at(1) like batch queue
program that could use postdated tickets to implement an authenticated file
service connection.
Sincerely,
Zalman Stern
Internet: zs01+@andrew.cmu.edu Usenet: I'm soooo confused...
Information Technology Center, Carnegie Mellon, Pittsburgh, PA 15213-3890
