[4017] in Kerberos
Basic Naive Questions
daemon@ATHENA.MIT.EDU (Jason Rosenberg)
Tue Oct 11 02:38:21 1994
To: kerberos@MIT.EDU
Date: 10 Oct 1994 23:15:57 -0700
From: jason@lanai.cs.ucla.edu (Jason Rosenberg)

I am trying to come up to speed with using Kerberos within
our existing system. I have read the document: "Kerberos V5 application
programming library" (from the doc/api directory), as well as the
RFC 1510 document by Kohl and Neuman. I have also looked at the
"Kerberos V5 Implementer's Guide" (from the doc/implement directory),
but didn't "feel ready".

I have several basic questions:

First, is there a document anywhere that describes all the data structures
(or should I just look at the source and header files and figure it out...)?

Furthermore, is there any documentation describing the
basic procedure for getting started? In other words, do
I need to write my own KDC server, using library calls, or does there
exist a configurable stand-alone version which does this?

Also, it looks like I will need to use and maintain things like the
credentials cache and replay cache, etc. How is this normally handled?
I mean, I can see from the function descriptions how to add, delete,
create, etc., but I'm looking for details on when and why I need to
use it... (I'm hoping there is another document available which might
show in simple block diagrams, the process of accessing the various
caches and tables).

Our system is a client-server multi-media database. In order to use
Kerberos, in my current naive understanding, there are essentially
3 programs that I will need to build. (1) A KDC server, (2) my
application server, (3) my application client. Is this accurate? Or
should the KDC server be completely incorporated into the application
server instead of being a separate process? Which pieces of this
need to do things like maintain a credentials cache, replay cache,
key table, etc., etc. (I am assuming these all belong to the KDC)?

As you can tell, I am missing certain organizational understanding of
the problem. I am hoping there is an existing piece of documentation
out there that I am missing. Simply having the function definitions
is not quite adequate. I need to know why I want to do certain things.
However, I am certainly willing to go the
"ask the comp.protocols.kerberos gurus" route, if there really is no
further basic documentation.

Would some of these basic questions be answered if I were to look at
the more mature documentation for V4? Or might that be counter-productive?
I only ever plan to use the current protocol (is this a reasonable
plan?).

Thanks,
Jason
--
Jason Rosenberg Computer Science Department
jason@cs.ucla.edu University of California
Los Angeles, CA 90024