Re: patch to gssapi server authentication to accept any server

From: Derek R. Price
Date: Thu, 01 Mar 2001 09:23:28 -0500

Assar Westerlund wrote:

> "Derek R. Price" <address@hidden> writes:
> > > Not at all.  Before, you had to have a key for address@hidden(), but
> > > now any key stored in /etc/krb5.keytab can be used for
> > > authentication.  What worked before still works, and it is simpler for
> > > people with multihomed servers and such.
> >
> > Might this be perceived as a loss of functionality to some people, or
> > perhaps less secure?
> I don't see how it could be seen as a loss of functionality.  It might,
> however, for some people be seen as a change in functionality.  I've
> cooked up a new patch that should even make those picky people happy.
> Instead of only accepting authentication for address@hidden() which
> was the old way it now accepts authentication for any address@hidden  This
> should make things work for multi-homed servers and not change the
> functionality in any perceived way.  Any comments on this patch?

Please excuse my light grounding in Kerberos, but could you enlighten me a
little further as to the reasons behind this and the possible repercussions?
What, exactly, is a multi-homed server?  Also, what is preventing me from
setting up Kerberos on my own outside server (say,, using
kinit to grant myself a token for address@hidden on my current machine
(say,, then using that (previously invalid) token to grant
myself access to the local cvs server (


