[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: patch to gssapi server authentication to accept any server
From: |
Derek R. Price |
Subject: |
Re: patch to gssapi server authentication to accept any server |
Date: |
Fri, 02 Mar 2001 08:13:37 -0500 |
Assar Westerlund wrote:
[... Kerberos explanations ...]
> I hope this makes it clearer.
Yeah, it does. I want to get Kerberos set up here so I can do some testing
before I check things in, but it should go in. It'll probably be a few weeks
since I'm going to be on vacation next week.
A few more questions for my personal edification, though:
Is the "cvs" portion of the "cvs/address@hidden" that the server verifies all
that
prevents the client from obtaining a ticket for, say,
"telnet/address@hidden" and using that to accerss CVS?
Is it possible for the Kerberos server to grant a ticket to the CVS client
(assumedly through the CVS server) for anything other than
"cvs/<somehost>@EXAMPLE.COM"? In what cases?
Derek
--
Derek Price CVS Solutions Architect ( http://CVSHome.org )
mailto:address@hidden OpenAvenue ( http://OpenAvenue.com )
--
I have sworn upon the alter of God eternal hostility against every form of
tyranny over the mind of man.
- Thomas Jefferson