[1041] in arla-drinkers
RE: forwarding tokens to other machine
daemon@ATHENA.MIT.EDU (Lyle Seaman)
Mon Aug 2 09:23:39 1999
From owner-arla-drinkers@stacken.kth.se Mon Aug 02 13:23:38 1999
Return-Path: <owner-arla-drinkers@stacken.kth.se>
Delivered-To: arla-drinkers-mtg@bloom-picayune.mit.edu
Received: (qmail 16917 invoked from network); 2 Aug 1999 13:23:37 -0000
Received: from unknown (HELO sundance.stacken.kth.se) (130.237.234.41)
by bloom-picayune.mit.edu with SMTP; 2 Aug 1999 13:23:37 -0000
Received: (from majordom@localhost)
by sundance.stacken.kth.se (8.8.8/8.8.8) id PAA04309
for arla-drinkers-list; Mon, 2 Aug 1999 15:16:22 +0200 (MET DST)
Received: from oden.vms.stacken.kth.se (oden.vms.stacken.kth.se [130.237.234.19])
by sundance.stacken.kth.se (8.8.8/8.8.8) with ESMTP id PAA04305;
Mon, 2 Aug 1999 15:16:16 +0200 (MET DST)
Received: from gw.stormsystems.com (209.49.190.30) by oden.vms.stacken.kth.se
(MX V5.1 VnHl) with ESMTP; Mon, 2 Aug 1999 15:14:12 +0100
Received: from fs1.office.stormsystems.com (exchange.office.stormsystems.com
[172.29.1.5]) by gw.stormsystems.com (8.9.3/8.9.1) with ESMTP id
JAA21247; Mon, 2 Aug 1999 09:16:00 -0400
Received: by fs1.stormsystems.com with Internet Mail Service (5.5.2448.0) id
<P9DVQH0M>; Mon, 2 Aug 1999 09:16:00 -0400
Message-ID: <B5C3AE5DDF77D211BD2500A0C9D3A6A11C006F@fs1.stormsystems.com>
From: Lyle Seaman <LSeaman@stormsystems.com>
To: "'assar@stacken.kth.se'" <assar@stacken.kth.se>,
Herbert Huber
<Herbert.Huber@lrz-muenchen.de>
CC: arla-drinkers@stacken.kth.se, Helmut.Heller@lrz-muenchen.de
Subject: RE: forwarding tokens to other machine
Date: Mon, 2 Aug 1999 09:15:54 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-arla-drinkers@stacken.kth.se
Precedence: bulk
Yep, this was my question. Unless he meant ...decodeTicket and then
...encodeTicket with a new lifetime. I suppose those are undocumented,
though hardly secret. But all they do is decrypt the ticket, and then
explode the structure into a bunch of individual variables, or vice versa.
They should work with any kerberos service ticket, not just AFS, if I recall
correctly.
> I'm curious as to how tokens can be extended with Transarc libraries?
>
> To many understanding the only way of extending a token is to have the
> secret key of the client or the server and actually fabricate a new
> token (ticket really). This can of course be done in several
> different ways.