[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal 0.5.2 and v4 cross-realm

To: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Subject: Re: heimdal 0.5.2 and v4 cross-realm
From: joda@pdc.kth.se (Johan Danielsson)
Date: 18 Mar 2003 12:18:14 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: "Henry B. Hotz"'s message of "Mon, 17 Mar 2003 18:10:07 -0800"
References: <m2llzef2sh.fsf@PERMABIT-1-188.permabit.com><p0511173bba9c2e371714@[137.78.212.233]>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7

"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:

> Correct me if I'm wrong, but as I understand cross-realm
> authentication the user requests the cross-realm ticket of his own
> KDC, which obtains them on his behalf and forwards them back to
> him. In other words cross-realm ticket requests always originate from
> the other realm's KDC, not directly from the user.

No. The client realises that the requested service is in an other
realm, and then requests a cross-realm ticket for the other realm from
its own KDC. The client then uses that ticket to talk to a KDC in the
other realm.

It's only the client that talk to the KDC, KDCs and other servers
(the KDC just just a kerberised service) never do.

/Johan

References:
- Re: heimdal 0.5.2 and v4 cross-realm
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

Prev by Date: Re: heimdal 0.5.2 and v4 cross-realm
Next by Date: Re: heimdal 0.5.2 and v4 cross-realm
Prev by thread: Re: heimdal 0.5.2 and v4 cross-realm
Next by thread: Re: heimdal 0.5.2 and v4 cross-realm
Index(es):
- Date
- Thread