[310] in Kerberos
Re: Yet another addendum
daemon@TELECOM.MIT.EDU (Theodore Ts'o)
Fri Jan 29 11:36:25 1988
From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
To: bcn@june.cs.washington.edu
Cc: treese@ATHENA.MIT.EDU, kerberos@ATHENA.MIT.EDU
In-Reply-To: Clifford Neuman's message of Thu, 28 Jan 88 17:22:56 PST,
Reply-To: tytso@ATHENA.MIT.EDU
Date: Thu, 28 Jan 88 17:22:56 PST
From: bcn@june.cs.washington.edu (Clifford Neuman)
The answer to Jeff's problem is to require that the response to a
request from kerberos for a ticket with a different internet address
come back encrypted in the users secret key instead of the session
key. As such, the user would be required to type in his password
again.
Instead of doing that, why not modify Kerberos so that you can ask for a
Ticket Granting Ticket for any arbitrary internet address? Or is that
what you're suggesting already? (Your mention of "instead of the
session key" leads me to assume that that's not what you intended.)
- Ted
