[972] in Kerberos
Accounting Services, etc.
daemon@ATHENA.MIT.EDU (Clifford Neuman)
Sat Jun 2 01:54:19 1990
Date: Fri, 1 Jun 90 22:00:29 -0700
From: bcn@cs.washington.edu (Clifford Neuman)
To: kerberos@ATHENA.MIT.EDU
In-Reply-To: (Jeffrey M. Keller's message of 2 Jun 90 01:25:17 GMT <4007@darkstar.ucsc.edu>
I have put considerable thought into how to properly handle both
authorization and accounting through Kerberos. The authorization data
field in version 5 of Kerberos allows these functions to be easily
supported. I have been working on a paper that outlines my approach,
but that paper has been temporarily on hold. If people keep after me,
I will polish it off. The abstract follows.
~ Cliff
---
Authentication Based Authorization and Accounting
In recent years there has been much interest in secure authentication
of principals across computer networks. There was been less
discussion of distributed mechanism to support authorization and
accounting. These problems are much closer to authentication than
most people realize. By generalizing the authentication model to
support restricted proxies, both authorization and accounting can be
easily supported. This paper shows how to support restricted proxies
in an authentication system, presents the appropriate model for
authorization and accounting, and describes how they may be easily
implemented on top of authentication.
