Re: cross-realm auth (sort of...)
--On Tuesday, February 19, 2002 16:51:37 +0100 Johan Danielsson
<joda@pdc.kth.se> wrote:
> Måns Nilsson <mansaxel@sunet.se> writes:
>
>> It does not matter who I am, I'm just interested in verifying that
>> the entity presenting a ticket for luser@REALM is really giving me a
>> good ticket (and thus could be regarded as actually being
>> luser@REALM) and the ticket still is valid.
>
> You need the key the ticket is encrypted with to verify that it is
> valid. What are you trying to do?

A loosely-coupled low-security auth scheme for controlling access to public
LANs -- I want to allow other people to use my LAN if they can present a
valid ticket, but I was under the impression that true cross-realm auth was
a bit too closely knit for this purpose. A simple conf file statement like
# these realms I trust to use my net:
SUNET.SE
KTH.SE
E.KTH.SE
SNO.PP.SE
A user with a valid ticket in these realms would get access to the LAN
and routing beyond, but no other resources.
But I suppose shortcuts in system design are the mother of all evil..
--
Måns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC
MN1334-RIPE
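
The realm list from the message above, applied as an allow-list. This is an added example, not code from the thread or from any Kerberos implementation. It assumes the principal string comes from a ticket that a Kerberos library has already decrypted and validated with the service key (the step Johan points out cannot be skipped); the function names and SAMPLE_CONF are hypothetical.

```python
# Added example (not from the thread). Assumes the principal string was taken
# from a ticket that a Kerberos library already decrypted with the service key.

# Constructed sample config, using the realm list from the message above.
SAMPLE_CONF = """\
# these realms I trust to use my net:
SUNET.SE
KTH.SE
E.KTH.SE
SNO.PP.SE
"""


def load_trusted_realms(text):
    """Return the set of realm names, ignoring comments and blank lines."""
    realms = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            realms.add(line)
    return frozenset(realms)


def split_principal(principal):
    """Split 'name@REALM' at its single unescaped '@' (backslash escapes)."""
    at_positions = []
    i = 0
    while i < len(principal):
        if principal[i] == "\\":
            i += 2  # skip the backslash and the character it escapes
            continue
        if principal[i] == "@":
            at_positions.append(i)
        i += 1
    if len(at_positions) != 1:
        raise ValueError("expected exactly one unescaped '@'")
    name, realm = principal[:at_positions[0]], principal[at_positions[0] + 1:]
    if not name or not realm:
        raise ValueError("empty name or realm")
    return name, realm


def lan_access_allowed(verified_principal, trusted_realms):
    """Exact, case-sensitive realm match; no suffix or substring matching."""
    try:
        _, realm = split_principal(verified_principal)
    except ValueError:
        return False
    return realm in trusted_realms
```

Matching is exact on purpose: listing KTH.SE does not admit X.KTH.SE, and realm names are compared case-sensitively.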