[4024] in Kerberos
Re: I need comment on Kerberos vs. NetSP (IBM)
daemon@ATHENA.MIT.EDU (Shawn Mamros)
Wed Oct 12 10:13:53 1994
To: kerberos@MIT.EDU
Date: Wed, 12 Oct 1994 09:49:18
From: mamros@ftp.com (Shawn Mamros)
Reply-To: mamros@ftp.com
schwartz@galapagos.cse.psu.edu (Scott Schwartz) writes:
>tls@panix.com (Thor Lancelot Simon) writes:
> But people who use "dynamic" IP addressing *deserve* to lose! What's the
> problem?
>
>We have more potential slip users than ip addresses. What do you
>suggest we do about it?
One possibility would be to tie in kinit/kdestroy with the SLIP (or PPP)
login/logout procedure. Do a kinit right after the dial-up connection
is established, and a kdestroy at the same time the hangup is done.
Also, keep in mind that application servers don't have to check the
client's address if they don't want/need to do so. Both the V4 and the
V5 rd_req() functions allow for a zero or NULL argument for the sender's
address, in which case that check isn't done.
I don't agree with Thor's statement at all - dynamic IP addressing is
a valid and needed solution in many situations. The only situation
where I think one would "lose" is if you had some sort of application
which expected to maintain some sort of network connection "state"
over multiple dial-in connections if dynamic addressing were used.
But TCP/IP in general would tend to lose in that sort of situation
anyways, so I think Kerberos would be the least of one's worries there.
-Shawn Mamros
E-mail to: mamros@ftp.com
