[4016] in Kerberos
Re: I need comment on Kerberos vs. NetSP (IBM)
daemon@ATHENA.MIT.EDU (Thor Lancelot Simon)
Tue Oct 11 01:48:34 1994
To: kerberos@MIT.EDU
Date: 11 Oct 1994 01:29:15 -0400
From: tls@panix.com (Thor Lancelot Simon)
In article <41941010113514/0003858921NA2EM@mcimail.com>,
Robert G. Moskowitz <0003858921@mcimail.com> wrote:
>>>A. Kerberos :
>>>
>>>1. it requires that all parties be concurrently connected -> no suppor
>>>for dial-in
>
>>Absolutely false. One can dial in via PPP or SLIP, get a TGT via kinit,
>>disconnect, and then re-connect sometime later (within the lifetime of
>>the TGT) and use whatever "Kerberized" applications are available. This
>>assumes that one will always use the same IP address on every dial-in,
>>but even if that's not the case, the cost of re-kinit'ing is very low
>>(see below).
>
>Problem with this in many cases is each connect to the PPP provider could
>yield a different IP address, thus making the TGT worthless. Thus a new
>kinit would be needed and any running applications are doublely lost...
But people who use "dynamic" IP addressing *deserve* to lose! What's the
problem?
--
Thor Lancelot Simon tls@panix.COM
- What is hardest to accept about the passage of time is that the people who -
- once mattered the most to us are wrapped up in parentheses. --John Irving -
