[74] in Kerberos
Re: realm
jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)
Sun Aug 9 21:22:51 1987
From spm@ATHENA.MIT.EDU Fri Sep 5 18:01:54 1986
To: bcn%deep-thought@eddie.mit.edu
Cc: spm@athena.mit.edu
Cc: kerberos@athena.mit.edu
Cc: spm@menelaus.mit.edu
Subject: Re: realm
In-Reply-To: Your message of Wed 3 Sep 86 14:21:42-EDT.
<12236033903.14.BCN@DEEP-THOUGHT.MIT.EDU>
Date: Fri, 05 Sep 86 18:02:21 -0500
From: Steve Miller <spm@ATHENA.MIT.EDU>
It (check_auth_type()) is similar, but not identical to the an_to_ln(),
but semantically quite different. an_to_ln() maps from an athena Kerberos
name to a system specific name, but does not imply any authorization.
For example, it could be used to map Kerberos names into Kanji characters
in Japan! As Cliff mentioned, it could be managed by the system or some
central authority.
The check_auth_type_1() would operate on a name (Kerberos or local, by
convention), and return an authorization. This needs to be managed by
whoever is allowed to control a given service. E.g. I manipulate the
files authorizing access to my account.
