[324] in Kerberos_V5_Development
Re: How do you map Kerberos names into account names?
daemon@ATHENA.MIT.EDU (John T Kohl)
Fri Oct 12 14:17:20 1990
Date: Fri, 12 Oct 90 14:17:01 -0400
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: Jerome H Saltzer <Saltzer@mit.edu>
Cc: krbdev@ATHENA.MIT.EDU
In-Reply-To: [276] Jerome H Saltzer's message of Mon, 10 Sep 90 15:54:48 EDT,
> Date: Mon, 10 Sep 90 15:54:48 EDT
> From: Jerome H Saltzer <Saltzer@mit.edu>
> Sender: jhs@ALLSPICE.LCS.MIT.EDU
Sorry nobody answered this earlier...
> The following appeared in a late July message on the Kerberos list:
> > Due to our fine sense of planning, and a few other problems as well, users
> > have been assigned different names according to which computer they are
> > running on.
> This guy appears to need a feature that was originally planned for
> Kerberos, but may not be fully implemented: a back-and-forth mapping
> between the principal ID used by the Kerberos server and the login
> ID used by the system.
Well, we have at least a one-way mapping via a DBM file in the existing
V5 code. The application server provides a principal structure, and
gets back either a "local account name" or an error code.
Making this database bi-directional is a bit inefficient using DBM
(unless we want to use two halves to the database...).
The interface is isolated from the rest of the V5 code, so it should be
possible for someone to implement a two-directional translation.
John
