[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cross-realm auth (sort of...)
--On Tuesday, February 19, 2002 16:51:37 +0100 Johan Danielsson
> Måns Nilsson <firstname.lastname@example.org> writes:
>> It does not matter who I am, I'm just interested in verifying that
>> the entity presenting a ticket for luser@REALM is really giving me a
>> good ticket (and thus could be regarded as actually being
>> luser@REALM) and the ticket still is valid.
> You need the key the ticket is encrypted with to verify that it is
> valid. What are you trying to do?
A loosely-coupled low-security auth scheme for controlling access to public
LAN's -- I want to allow other people to use my LAN if they can present a
valid ticket, but I was under the impression that true cross-realm auth was
a bit too closely knit for this purpose. A simple conf file statement like
# these realms I trust to use my net:
An user with a valid ticket in these realms would get access, to the LAN
and routing beyond, but no other resources.
But I suppose shortcuts in system design are the mother of all evil..
Måns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC