[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cross-realm auth (sort of...)

To: Måns Nilsson <mansaxel@sunet.se>
Subject: Re: cross-realm auth (sort of...)
From: joda@pdc.kth.se (Johan Danielsson)
Date: 20 Feb 2002 14:47:04 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: Måns Nilsson's message of "Wed, 20 Feb 2002 10:06:16 +0100"
References: <481860000.1014125749@localhost><xof664th3li.fsf@blubb.pdc.kth.se> <56170000.1014195975@slimsixten>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7


You could do something like this, but you would not be sure that the
ticket actually came from a valid KDC. Security by obscurity, if you
like.

> I want to allow other people  to use my LAN if they can present a
> valid ticket

How should they present that ticket, and to what?

> but I was under the impression that true cross-realm auth was a bit
> too closely knit for this purpose.

You'd need cross realm keys between all allowed realms, and the realm
you use, but for a limited set of realms (like your example) this
shouldn't be a huge problem. The question is of course if the trouble
is worth it, does it really matter if someone gets network access, or
is it just a matter of stopping random users.

/Johan

References:
- cross-realm auth (sort of...)
  - From: Måns Nilsson <mansaxel@sunet.se>
- Re: cross-realm auth (sort of...)
  - From: joda@pdc.kth.se (Johan Danielsson)
- Re: cross-realm auth (sort of...)
  - From: Måns Nilsson <mansaxel@sunet.se>

Prev by Date: Re: cross-realm auth (sort of...)
Next by Date: linux pam module
Prev by thread: Re: cross-realm auth (sort of...)
Next by thread: linux pam module
Index(es):
- Date
- Thread