Re: Addressless tickets in 0.8.x

On May 22, 2007, at 8:32 PM, Brian May wrote:

>>>>>> "Henry" == Henry B Hotz <hotz@jpl.nasa.gov> writes:
>     Henry> Most home users I know have a $20(US) box connected to their DSL/
>     Henry> Cable-modem line that does NAT.  Putting addresses in the tickets
>     Henry> would effectively disable most home users.  I wish MIT defaulted to
>     Henry> false.  I wish Sun, MIT and Heimdal used the same name for this
>     Henry> option too.
> Unless they use the "--extra-addresses=" kinit option (I assume it
> still exists in 0.8.x?)

That could probably solve the most common cases, but not all of them,  
even given savvy users.  Also it isn't practical to combine with  
integrated login.

I don't think there is a practical equivalent, except in limited  
deployments.  More philosophically, an IP address is not suitable for  
security decisions; that's simply not its function.
