[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cross-realm auth (sort of...)

--On Tuesday, February 19, 2002 16:51:37 +0100 Johan Danielsson
<joda@pdc.kth.se> wrote:

> Måns Nilsson <mansaxel@sunet.se> writes:
>> It does not matter who I am, I'm just interested in verifying that
>> the entity presenting a ticket for luser@REALM is really giving me a
>> good ticket (and thus could be regarded as actually being
>> luser@REALM) and the ticket still is valid.
> You need the key the ticket is encrypted with to verify that it is
> valid. What are you trying to do?

A loosely-coupled low-security auth scheme for controlling access to public
LAN's -- I want to allow other people  to use my LAN if they can present a
valid ticket, but I was under the impression that true cross-realm auth was
a bit too closely knit for this purpose. A simple conf file statement like

# these realms I trust to use my net:

An user with a valid ticket in these realms would get access, to the LAN
and routing beyond, but no other resources. 

But I suppose shortcuts in system design are the mother of all evil.. 
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC