[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: .k5command -- new stuff for rsh



>>>>> "Johan" == Johan Danielsson <joda@pdc.kth.se> writes:

    Johan> Leif Johansson <leifj@it.su.se> writes:
    >> Enclosed is a few patches agains 0.3e to do the same thing with
    >> rsh.

    Johan> Ugh! How is this useful?

This is so you can authorise other users to perform limited actions
(eg. uploading a file, checking out a cvs repository, etc) to your
account.

There is a difference with ssh - with ssh you can create extra
{private,public} key pairs as required, but here you must rely on the
Kerberos authentication.

Personally, I think more time should be given to better authorisation
protocols, eg. SPKI, which support roles, delegation, and other
authorisation tasks which Kerberos was never designed to do (but,
similarly, you could argue that Kerberos is better at authentication
then SPKI).

The biggest problems with SPKI right now though is that a) no good
implementation exists, b) no traffic on mailing list for several
months (I will have to try and talk to Carl Ellison about that).

Official web page appears to be
<URL:http://world.std.com/~cme/html/spki.html>
-- 
Brian May <bam@snoopy.apana.org.au>