[123] in Zephyr_Comments
Re: inconsistent Kerberos behavior
daemon@ATHENA.MIT.EDU (Jerome H. Saltzer)
Fri Oct 28 11:31:39 1988
Date: Fri, 28 Oct 88 11:30:46 EDT
To: John T Kohl <jtkohl@ATHENA.MIT.EDU>
Cc: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>,
In-Reply-To: John T Kohl <jtkohl@ATHENA.MIT.EDU>'s message of Fri, 28 Oct 88 11:04:01 EDT
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
> Jerry asks about making the default behavior of zwrite be to send
> unauthentic when no ticket file exists.
>
> This can be done, but should it be done? The default action is to send
> authentic. We could have it print a message when it can't send
> authenticated, and then go ahead unauthenticated.
Context is important here. The suggestion arises because Zephyr
already sends unauthentic if the ticket file exists but the ticket is
expired. It is (alleged to be) hard to keep it from doing that; my
proposal is to make its behavior consistent, on the user-friendly
design principle of minimum surprise.
> If the user explicitly requests authentication (-a), it probably
> shouldn't send unauthentic.
And, I assume, return an error saying that it didn't send the notice.
That seems right. (But is there any way to assure that the notice
isn't sent if the user specifies -a but the ticket is expired?)
Jerry
