[6838] in Kerberos
Re: time tracking with kerberos?
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Wed Mar 6 18:33:53 1996
Date: Wed, 6 Mar 96 17:03:07 EST
From: "Barry Jaspan" <bjaspan@bbnplanet.com>
To: sysop@omega.megahits.com
Cc: kerberos@MIT.EDU
In-Reply-To: [6834]
You haven't provided nearly enough information to get a decent answer.
How do your customers connect to the Internet? Do they use SLIP or
PPP to get IP connectivity through you, or do they log into your
timesharing machine, or something else?
You could probably warp Kerberos 5's renewable ticket feature into
something that would meter on-line time. Users could be issued
tickets with a long maxmimum renewable lifetime (say 24 hours, or even
infinite) but with a one-hour (or whatever resolution metering you
want) expiration time. Then, every hour, the client would have to
acquire a new ticket in order to continue operating.
This has all kinds of caveats, though. First, I do not think the
Kerberos library is currently set up to operate this way---tickets are
renewed only when they are used, not automatically, so if you users
were not actually using Kerberos services regularly this would not
help you. Furthermore, renewable tickets must be renewed before their
current expiration time expires... if a customer walks away from his
machine for an hour and the tickets expire, he would have to type his
password again to get a new renewable ticket.
So, in principal, Kerberos might be able to help you, but it is
probably not the right solution.
Barry
