[4011] in Kerberos
Re: I need comment on Kerberos vs. NetSP (IBM)
daemon@ATHENA.MIT.EDU (Robert G. Moskowitz)
Mon Oct 10 11:55:12 1994
Date: Mon, 10 Oct 94 06:35 EST
From: "Robert G. Moskowitz" <0003858921@mcimail.com>
To: mamros <mamros@ftp.com>, Kerberos <kerberos@MIT.EDU>
>>A. Kerberos :
>>
>>1. it requires that all parties be concurrently connected -> no suppor
>>for dial-in
>Absolutely false. One can dial in via PPP or SLIP, get a TGT via kinit,
>disconnect, and then re-connect sometime later (within the lifetime of
>the TGT) and use whatever "Kerberized" applications are available. This
>assumes that one will always use the same IP address on every dial-in,
>but even if that's not the case, the cost of re-kinit'ing is very low
>(see below).
Problem with this in many cases is each connect to the PPP provider could
yield a different IP address, thus making the TGT worthless. Thus a new
kinit would be needed and any running applications are doublely lost...
Bob Moskowitz
Chrysler
