[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: alternative to user-to-user Kerberos in KINK
Ken,
This includes both AS_REQ and TGS_REQ. In my proposal, a Kerberized server
would not have to generate either. The key management protocol between the
IPSec peers is not Kerberos anyway - it just utilizes Kerberos objects for
authentication.
Sasha.
> -----Original Message-----
> From: Ken Hornstein [mailto:kenh@xxxxxxxxxxxxxxxx]
> Sent: Tuesday, October 31, 2000 3:01 PM
> To: 'ietf-kink@xxxxxxxx'
> Subject: Re: alternative to user-to-user Kerberos in KINK
>
>
> > 3) A standard Kerberized server that doesn't support the
> >user-to-user tickets is a lot simpler to implement.
>
> If you don't handle a TGS_REQ, I don't think you could call
> it "Kerberos";
> and from looking at a sample KDC, I don't think a TGS_REQ
> really adds that
> much complexity (compared to how much else you have to implement to
> do Kerberos).
>
> --Ken
>