[5825] in Kerberos
Re: [Q] Kerberos Operation.
daemon@ATHENA.MIT.EDU (Donald T. Davis)
Wed Sep 6 09:42:19 1995
To: kerberos@MIT.EDU
From: "Donald T. Davis" <don@cam.ov.com>
Date: Wed, 06 Sep 1995 09:24:00 -0400
simun@oberon.postech.ac.kr wrote:
> Suppose that a Kerberos system is operating in our university.
> I think that anyone who is in the university can do everything,
> such as remote login or telnet, etc. But can someone who is
> outside the university access hosts within the university?
(i'm responding to the list, because my e-mail response
bounced.)
you're almost right. people outside the university won't
be able to do anything, unless you add them to the database
one-by-one. with the usual setup, everyone inside the
university will be able to login to most of the machines,
but will not ordinarily use rlogin or telnet. normally, only
the system operators and system administrators will use
rlogin, telnet, etc. to access servers. they will also be
able to access every machine on campus, though you can also
set things up so that some of the admin people can access
only some of the servers, and other administrators can access
only other servers. thus, each group of administrators can
have a different group of servers to run. this is called
compartmentalization, and is good for administrative
accountability.
-don davis, boston