[243] in Zephyr Mailing List

Re: Interrealm support issues

daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Jan 3 14:47:55 1997

To: John Gardiner Myers <jgm@CMU.EDU>
Cc: zephyr@MIT.EDU
In-Reply-To: Your message of "Fri, 03 Jan 1997 14:36:46 EST."
             <4mnJzCW00WBw1kZrM0@andrew.cmu.edu> 
Date: Fri, 03 Jan 1997 14:44:55 EST
From: Greg Hudson <ghudson@MIT.EDU>

> With the server-server interrealm model, you don't need the kerberos
> realm in the recipient field (or in the packet at all).

Of course you do.  Recipients do not necessarily belong to the same
Kerberos realm as the zephyr server they are talking to.

> Like afs, you need one kerberos realm per zephyr realm, but can have
> multiple zephyr realms per kerberos realm.

AFS allows you to authenticate from Kerberos realms that aren't
running AFS (assuming there is a shared key, of course).  As far as I
can tell, your model doesn't allow that.
