>>>>> "Brandon" == Brandon S Allbery KF8NH <email@example.com> writes:
Brandon> Authentication: "this user is who s/he claims to be"
Brandon> Authorization: "this user is permitted to do these
Brandon> Kerberos only provides the former (well, barring the
Brandon> w2kproblem "extensions"). You want to have the latter as
Brandon> well as the former, unless you really want every
Brandon> principal in your KDC to have administrative access to
Brandon> your router.
What about the authorization in Kerberos applications, e.g. telnetd
says "if this user has been authenticated as 'bam@...', then
he can login with the Unix Id = bam"? Not to mention .k5login.
Are there any limitations with this form of authorization?
Thanks for your response.
Brian May <firstname.lastname@example.org>
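
The authorization step raised in this message (an authenticated principal mapped to a Unix account, optionally through `.k5login`), as an added example that is not part of the original post and is not MIT krb5 code. It is a simplified Python model of the decision; the realm `EXAMPLE.ORG`, the principals and the function names are constructed for illustration.

```python
# Simplified model of the principal-to-account check a Kerberized login
# service (e.g. telnetd) performs AFTER Kerberos authentication succeeded.
# Realm and principals are constructed sample values (assumptions).
from typing import Optional

DEFAULT_REALM = "EXAMPLE.ORG"  # assumption: the host's default realm


def parse_k5login(text: str) -> set:
    """Return the principals listed in a .k5login file, one per line."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def default_localname(principal: str) -> Optional[str]:
    """Default mapping: 'user@DEFAULT_REALM' -> 'user', otherwise no mapping."""
    name, _, realm = principal.rpartition("@")
    if realm != DEFAULT_REALM or not name or "/" in name:
        return None  # foreign realm or multi-component name such as bam/admin
    return name


def may_login(principal: str, account: str, k5login: Optional[str]) -> bool:
    """Authorization decision for an already authenticated principal.

    k5login is the content of the account's ~/.k5login, or None if absent.
    When the file exists, only the principals listed in it are accepted,
    so the account's own principal is refused unless it is listed too.
    """
    if k5login is not None:
        return principal in parse_k5login(k5login)
    return default_localname(principal) == account


if __name__ == "__main__":
    cases = [
        ("bam@EXAMPLE.ORG", "bam", None),
        ("bam@OTHER.ORG", "bam", None),
        ("alice@OTHER.ORG", "bam", "alice@OTHER.ORG\n"),
        ("bam@EXAMPLE.ORG", "bam", "alice@OTHER.ORG\n"),
    ]
    for principal, account, k5login in cases:
        print(principal, "->", account, may_login(principal, account, k5login))
```

The decision is made by each service per local account, from the principal name alone; nothing in the ticket itself says what the user is permitted to do.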