[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Addressless tickets in 0.8.x

To: heimdal-discuss@sics.se, Brian May <bam@snoopy.apana.org.au>
Subject: Re: Addressless tickets in 0.8.x
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Wed, 23 May 2007 15:58:51 -0700
In-Reply-To: <sa4veekqkoa.fsf@margay.local>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <20070521.133106.58054760.haba@habarber.pdc.kth.se> <3A82B6E0-185B-4B7D-9F8D-2B07057C4548@kth.se> <20070522.004737.35219105.haba@habarber.pdc.kth.se> <3A198D77-8AED-4DB3-BD67-83FDD347796F@jpl.nasa.gov> <sa4veekqkoa.fsf@margay.local>
Reply-To: heimdal-discuss@sics.se, "Henry B. Hotz" <hotz@jpl.nasa.gov>


On May 22, 2007, at 8:32 PM, Brian May wrote:

>>>>>> "Henry" == Henry B Hotz <hotz@jpl.nasa.gov> writes:
>
>     Henry> Most home users I know have a $20(US) box connected to  
> their DSL/
>     Henry> Cable-modem line that does NAT.  Putting addresses in  
> the tickets
>     Henry> would effectively disable most home users.  I wish MIT  
> defaulted to
>     Henry> false.  I wish Sun, MIT and Heimdal used the same name  
> for this
>     Henry> option too.
>
> Unless they use the "--extra-addresses=" kinit option (I assume it
> still exists in 0.8.x?)

That could probably solve the most common cases, but not all of them,  
even given savy users.  Also it isn't practical to combine with  
integrated login.

I don't think there is a practical equivalent, except in limited  
deployments.  More philosophically, an IP address is not suitable for  
security decisions;  that's simply not it's function.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

References:
- Addressless tickets in 0.8.x
  - From: Harald Barth <haba@kth.se>
- Re: Addressless tickets in 0.8.x
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: Addressless tickets in 0.8.x
  - From: Harald Barth <haba@kth.se>
- Re: Addressless tickets in 0.8.x
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: Addressless tickets in 0.8.x
  - From: Brian May <bam@snoopy.apana.org.au>

Prev by Date: Re: Addressless tickets in 0.8.x
Next by Date: Re: Preauthentication failed
Prev by thread: Re: Addressless tickets in 0.8.x
Next by thread: Re: Addressless tickets in 0.8.x
Index(es):
- Date
- Thread