[93] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: knetd

jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)
Sun Aug 9 21:25:31 1987

From jtkohl@ATHENA.MIT.EDU  Thu Sep 18 12:52:45 1986
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
Date: Thu, 18 Sep 86 12:50:33 EDT
To: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
Cc: kerberos@athena.MIT.EDU
In-Reply-To: Jerome H. Saltzer's message of Wed, 17 Sep 86 23:31:46 EDT
Subject: Re: knetd
Us-Snail: Room A303, 4 Ames St, Cambridge, MA
Zip-Code: 02142-1306

Do we want the server to be able to see the kerberos authentication
ticket for its own purposes?  If not, it makes sense for the knetd to do
the decoding.  If so, I don't see an easy way to achieve it.

I don't like the idea of maintaining a table on disk of what connections
are currently "OK", mainly because it opens another possible window of
opportunity for breaching kerberos security.

John


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[93] in Kerberos

Re: knetd

jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)Sun Aug 9 21:25:31 1987

jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)
Sun Aug 9 21:25:31 1987