[242] in Zephyr Mailing List
Re: Interrealm support issues
daemon@ATHENA.MIT.EDU (John Gardiner Myers)
Fri Jan 3 14:42:46 1997
Date: Fri, 3 Jan 1997 14:36:46 -0500 (EST)
From: John Gardiner Myers <jgm@CMU.EDU>
To: zephyr@MIT.EDU
In-Reply-To: <sjmiv5elq5l.fsf@portnoy.mit.edu>

With the server-server interrealm model, you don't need the kerberos
realm in the recipient field (or in the packet at all). Put
user.instance@zephyrrealm in the recipient field, authenticate and
send it to the local server, let the local server figure out from its
config which kerberos realm the remote zephyr realm is in and
reauthenticate it appropriately. Remote zephyr server then
reauthenticates it as being from sender.instance@senderzephyrrealm.

You don't need a one-to-one mapping between zephyr and kerberos
realms. Like afs, you need one kerberos realm per zephyr realm, but
can have multiple zephyr realms per kerberos realm.
--
_.John Gardiner Myers Internet: jgm+@CMU.EDU
LoseNet: ...!seismo!ihnp4!wiscvm.wisc.edu!give!up
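
Added example, not part of the original message and not Zephyr's own code: a sketch of the server-side realm lookup the message describes, showing the many-to-one zephyr-to-Kerberos mapping and a packet that carries only zephyr-realm names. The config format, the function names and every realm and user name are assumptions constructed for illustration.

```python
# Added illustration; config format and all realm names are constructed.
CONFIG = [  # (zephyr realm, Kerberos realm) pairs
    ("ZEPHYR.CS.EXAMPLE", "KRB.EXAMPLE"),
    ("ZEPHYR.EE.EXAMPLE", "KRB.EXAMPLE"),  # two zephyr realms, one Kerberos realm
    ("ZEPHYR.REMOTE.EXAMPLE", "KRB.REMOTE.EXAMPLE"),
]

def load_realm_map(pairs):
    """Each zephyr realm maps to exactly one Kerberos realm; sharing is allowed."""
    realm_map = {}
    for zrealm, krealm in pairs:
        if realm_map.setdefault(zrealm, krealm) != krealm:
            raise ValueError(f"{zrealm} is mapped to more than one Kerberos realm")
    return realm_map

def split_principal(principal):
    """Split 'user.instance@realm' into (name, realm); the realm is mandatory."""
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError(f"malformed principal: {principal!r}")
    return name, realm

def local_server_forward(realm_map, local_zrealm, krb_sender, recipient):
    """Local server: check the sender, pick the Kerberos realm for the next hop."""
    sender_name, sender_krealm = split_principal(krb_sender)
    # Assumption: senders authenticate in the Kerberos realm configured
    # for the local zephyr realm.
    if realm_map[local_zrealm] != sender_krealm:
        raise PermissionError("sender is not in this zephyr realm's Kerberos realm")
    _, dest_zrealm = split_principal(recipient)
    if dest_zrealm not in realm_map:
        raise LookupError(f"no Kerberos realm configured for {dest_zrealm}")
    packet = {"sender": f"{sender_name}@{local_zrealm}", "recipient": recipient}
    # The Kerberos realm is per-hop server state; it never appears in the packet.
    return packet, realm_map[dest_zrealm]

def remote_server_deliver(packet):
    """Remote server: re-assert the sender under its zephyr-realm name."""
    return {**packet, "authenticated_as": packet["sender"]}

REALM_MAP = load_realm_map(CONFIG)
```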