[678] in Kerberos
daemon@TELECOM.MIT.EDU (don@ATHENA.MIT.EDU)
Mon Mar 27 20:24:46 1989
From: don@ATHENA.MIT.EDU
To: geer@ATHENA.MIT.EDU, kerberos@ATHENA.MIT.EDU, krb-protocol@ATHENA.MIT.EDU,
Currently, Kerberos supports only user-to-secure-host authentication.
Ralph Swick and I, Don Davis, have completed a proposal for adding
full-tilt user-to-user authentication to the Kerberos protocol.
Our extension would allow the authentication of workstation-to-workstation
rcp requests, X service, etc. Our paper also discusses some naming and
authorization problems that we expect to see in an environment of
workstation-services. Finally, we describe a straightforward Kerberos
application, called "rkinit", which would securely propagate a user's
tickets to a remote host, and which would use the proposed protocol extension.
We invite you to examine and comment upon our proposal. The document is
titled, "Workstation Services and Kerberos Authentication at Project Athena".
You can get it via anonymous ftp to athena-dist.mit.edu; see the
PostScript file pub/kerberos/user2user.PS .
If you want hard copy, as some do, please call or write to us.
Please send your comments to krb-protocol@athena.mit.edu .
-Don Davis, Athena/MIT -Ralph Swick, Athena/DEC
MIT room E40-319 MIT room E40-327
Cambridge, MA 02139 Cambridge, MA 02139
(617)253-1409 (1-9pm Eastern) (617)253-1506
don@athena.mit.edu swick@athena.mit.edu
