[2801] in Kerberos
user-to-user protocol
daemon@ATHENA.MIT.EDU (Jim Miller)
Mon Sep 6 19:15:36 1993
From: jim@bilbo.suite.com (Jim Miller)
Date: Mon, 6 Sep 93 17:36:44 -0500
To: kerberos@MIT.EDU
Reply-To: Jim_Miller@suite.com

I'm looking at the user-to-user example code that comes with Kerberos V5 beta 2
and I'm comparing it to the user-to-user protocol described in the document
"Workstation Services and Kerberos Authentication at Project Athena" by Don
Davis (MIT Staff) and Ralph Swick (DEC) dated March 17, 1989 (user2user.ps.Z).

The user2user protocol used in the Kerberos V5 example is not the same as the
protocol described in the user2user.ps document. The primary difference is
that, in the Kerberos V5 example, the "server" communicates with the KDC,
whereas in the user2user document, the "client" communicates with the KDC.
Why the difference?

One possible answer is that the Kerberos V5 routines that do the user2user
stuff are actually more general than those proposed in the document. Perhaps they
give you the option of having either the "client" or the "server" perform the
exchange with the KDC. Is this the case, or must the "server" perform the
exchange, as shown in the example code?

Are there any documents that describe how the user-to-user protocol was
actually implemented in Kerberos V5?

Thanks,
Jim_Miller@suite.com (or just jim@suite.com)