[494] in Kerberos


re: rcp - a non-trivial problem

daemon@TELECOM.MIT.EDU (Jerome H. Saltzer)
Mon Sep 5 12:41:55 1988

To: <qjb@ATHENA.MIT.EDU>
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: <qjb@ATHENA.MIT.EDU>'s message of Sun, 4 Sep 88 20:06:24 EDT
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>

> One of the unresolved (to my knowledge) problems with Kerberos is
> ticket forwarding.  One of the manifestations of this is in rcp:
> . . .
> P.S.  I decided not to send this to bugs.  If you think that it should
> go to bugs, feel free to forward it...

Jay,

This problem is definitely not a bug, it is a limitation in the
current design, and will require some careful thinking to decide just
what design extension is the right one.

One reason why forwarding is not easy to work out is that your
ticket, in order to complicate the life of anyone who hopes to make a
killing by snatching a copy of the ticket from your workstation,
contains your network address inside.  It isn't valid when used from
any other network address.  A second reason is a strong feeling that
in forwarding situations, the ultimate target should receive
authenticated information that both the originator and the
intermediary are involved in the transaction, in case the target
cares.  And, finally, any solution is likely to need to deal with
more than one level of forwarding.

				Jerry
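
Added example, not part of the original message or of the Kerberos code: a simplified Python model of the address binding described in the message above, showing one ticket accepted from the workstation and rejected when an intermediary host presents it during a third-party copy. The key, addresses, field names and the HMAC seal (standing in for encryption of the ticket under the service's key) are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

SERVICE_KEY = b"constructed-demo-key"  # assumed key shared by the KDC and the target service


def issue_ticket(client, client_addr, lifetime=300, now=None):
    """KDC side: seal the client's name and network address into the ticket."""
    now = time.time() if now is None else now
    body = json.dumps({"client": client, "addr": client_addr,
                       "expires": now + lifetime}, sort_keys=True).encode()
    tag = hmac.new(SERVICE_KEY, body, hashlib.sha256).digest()
    return body, tag


def accept_ticket(ticket, peer_addr, now=None):
    """Service side: return (accepted, reason) for a ticket arriving from peer_addr."""
    now = time.time() if now is None else now
    body, tag = ticket
    expected = hmac.new(SERVICE_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad seal"
    fields = json.loads(body)
    if now > fields["expires"]:
        return False, "expired"
    if fields["addr"] != peer_addr:
        return False, "address mismatch"  # ticket used from another host
    return True, fields["client"]


def rcp_scenario():
    """Constructed third-party copy: the workstation asks host A to copy to host B."""
    workstation, host_a = "192.0.2.10", "192.0.2.20"  # constructed addresses
    ticket = issue_ticket("user", workstation, now=1000.0)
    direct = accept_ticket(ticket, workstation, now=1010.0)
    forwarded = accept_ticket(ticket, host_a, now=1010.0)
    # Host A cannot simply rewrite the address: the seal no longer verifies.
    rewritten_body = ticket[0].replace(workstation.encode(), host_a.encode())
    rewritten = accept_ticket((rewritten_body, ticket[1]), host_a, now=1010.0)
    return direct, forwarded, rewritten


if __name__ == "__main__":
    for label, result in zip(("direct", "forwarded", "rewritten"), rcp_scenario()):
        print(label, result)
```

The model covers only the first of the three points in the message; it does not attempt to represent authenticated information about both parties or multiple levels of forwarding.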

