[633] in Kerberos_V5_Development
Realm quality decisions
tytso@ATHENA.MIT.EDU (tytso@ATHENA.MIT.EDU)
Wed Mar 6 13:16:31 1991
I've been thinking that a good way to do realm quality checking is to
glom off of the krb.realms file. So the code would accept a ticket so
long as all transited realms where in the krb.realms file. Possible
extensions might include a limit on the maximum number of transited
realms a ticket may have.
Another extension would be to have a field after the each realm entry
that states whether or not this realm should be truested. This only
would be useful if there was a reason why we might want to have a realm
in krb.realms (so that we could talk to a realm that we didn't trust).
I suppose that come be useful, but I'm not sure how useful it would be.
Comments?
