[639] in Kerberos_V5_Development
Re: Realm quality decisions
jfc@ATHENA.MIT.EDU (jfc@ATHENA.MIT.EDU)
Wed Mar 6 16:44:16 1991
Assuming it is prohibited, I think krb.realms should add an extra field
indicating that a realm is trusted (like "admin server" in krb.conf). As a
matter of policy, we should trust a subset of the realms we share keys with
and not allow tickets with more than one hop.
A server should not grant a ticket for a principal in a realm with which it
shares a key unless it comes directly from that realm, so it can use the
shared key to verify the ticket (this guarantees that when the LCS kerberos
server says something comes from ATHENA, it came from the MIT ATHENA).
