[6349] in Kerberos
Using krb in a multiple realm environment
daemon@ATHENA.MIT.EDU (Gary Gaskell)
Mon Dec 11 21:17:41 1995
Date: Tue, 12 Dec 1995 12:00:23 +1000 (EST)
From: Gary Gaskell <gaskell@dstc.edu.au>
To: Douglas Engert <b17783@achilles.ctd.anl.gov>
Cc: kerberos@MIT.EDU, David Conran <conran@dstc.edu.au>,
Jason Andrade <jason@dstc.edu.au>,
Andrew Sammut <sammut@dstc.qut.edu.au>
In-Reply-To: <199507191236.HAA13196@achilles.ctd.anl.gov>

Hi Doug,

I thought you might be the best person to respond to this question.

The situation here is that six universities are involved in the DSTC.
Currently our admins use kerberised rlogin to log in securely to the
various universities to perform admin tasks. We have elected to do this
via two different kerberos realms.

The usability question is:

The default is that only one TGT exists in the user's cache at once. Now
say that I am doing work locally (at realm = DSTC.QUT.EDU.AU) and want to
concurrently do work at another university (at realm = DSTC.EDU.AU), when
I kinit to the other realm, it wipes out the TGT to the current realm.
Isn't that inconvenient?

Would it be silly to hack the code to allow more than one TGT? Anyone
else hassled by this?

BTW, we found the bug with the ^c on OSF/1 3.2 on an alpha. I haven't
yet posted the fixes, as I wish to be very sure on the detail before I post
to such an astute audience (as it appears we triggered a kernel
"feature", and I must still write some exploratory code to replace the
error independently of the Kerberos rlogind code).

regards

Gary Gaskell Cooperative Research Centre for
Research Scientist Distributed Systems Technology
DSTC Ph: 61 7 3864 1051
Level 12, ITE Building Fax: 61 7 3864 1282
Queensland University of Technology Email: gaskell@dstc.edu.au
Brisbane, Australia. Ph (A/H) (07) 3857 7912
Mobile: 0411 221 946