[466] in Kerberos
my second question related to Kerberos
daemon@TELECOM.MIT.EDU (Jerry Scharf)
Thu Jul 28 18:26:20 1988
From: Jerry Scharf <jerry@PIONEER.ARC.NASA.GOV>
To: kerberos@ATHENA.MIT.EDU
As one of the people who started the whole issue of lifetimes of Kerberos
tickets, my question was adressed in the sense that there was a large
response that longer tickets were needed. I agree, but was asking also if
there are any ideas to reduce the risk of a lost ticket, thus making the
idea of a longer ticket not represent a weakening of the system security.
The other question I had was on the idea of batch jobs working as agents
for an authenticaed user. There has been work done on the ability to pass a
ticket on to an agent, and have that agent represent itself as the user. This
seems like a critical issue for batch job preocessing, and wanted to know
if Kerberos could/should be extended to allow this model of authentication.
Jerry Scharf
NASA Ames Research Center
