[248] in Zephyr Mailing List


Re: Interrealm support issues

daemon@ATHENA.MIT.EDU (John Gardiner Myers)
Fri Jan 3 17:02:49 1997

Date: Fri,  3 Jan 1997 16:58:45 -0500 (EST)
From: John Gardiner Myers <jgm@CMU.EDU>
To: zephyr@MIT.EDU
In-Reply-To: <9701031944.AA16333@small-gods.MIT.EDU>

Greg Hudson <ghudson@MIT.EDU> writes:
> > With the server-server interrealm model, you don't need the kerberos
> > realm in the recipient field (or in the packet at all).
> 
> Of course you do.  Recipients do not necessarily belong to the same
> Kerberos realm as the zephyr server they are talking to.

Irrelevant.  Under the server-server model, recipients do necessarily
belong to the same zephyr realm as their local zephyr server, which is
the only server they directly talk to.

> AFS allows you to authenticate from Kerberos realms that aren't
> running AFS (assuming there is a shared key, of course).  As far as I
> can tell, your model doesn't allow that.

One could have a model in which a client could talk to a local zephyr
server in a different realm, taking an identity *in the zephyr realm of
the server it's talking to*.


-- 
_.John Gardiner Myers	Internet: jgm+@CMU.EDU
			LoseNet:  ...!seismo!ihnp4!wiscvm.wisc.edu!give!up
