[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]

To: Buck Huppmann <buckh@pobox.com>
Subject: Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]
From: Gabor Gombas <gombasg@sztaki.hu>
Date: Thu, 16 Feb 2006 15:43:09 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: <20060215123806.GA14964@dsl092-173-085.wdc2.dsl.speakeasy.net>
Mail-Followup-To: Buck Huppmann <buckh@pobox.com>,heimdal-discuss@sics.se
References: <20060202161753.20c37c47@noether.tfy.utu.fi> <20060202154540.GC23653@boogie.lpds.sztaki.hu> <20060202181813.6789e137@alnitak.stiff.utu.fi> <20060213213951.GA19694@dsl092-173-085.wdc2.dsl.speakeasy.net> <B70BAE77-700D-47A5-8DA7-DAB6E7F6A487@jpl.nasa.gov> <20060215105246.GC20234@boogie.lpds.sztaki.hu> <20060215123806.GA14964@dsl092-173-085.wdc2.dsl.speakeasy.net>
Sender: owner-heimdal-discuss@sics.se

On Wed, Feb 15, 2006 at 07:38:06AM -0500, Buck Huppmann wrote:

> getting completely outside the box, the application needn't even call
> krb5_kuserok() and just do what it thinks is right, given the auth-
> enticated principal. i think that's probably the right thing to do,
> since kerberos is an authentication system, after all, not an author-
> ization system.

Yes, making krb5_kuserok() officially deprecated may be a good idea.
Nowadays the use of PAM is widespread and writing a PAM module that
implements krb5_kuserok() functionality for those who need it should be
easy. Deprecating krb5_kuserok() should be coordinated with MIT however.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------

References:
- API differences between Heimdal and MIT
  - From: Juha Jäykkä <juhaj@iki.fi>
- Re: API differences between Heimdal and MIT
  - From: Gabor Gombas <gombasg@sztaki.hu>
- Behavioural differences in Heimdal and MIT [was: Re: API differencesbetween Heimdal and MIT]
  - From: Juha =?ISO-8859-15?B?SuR5a2vk?= <juhaj@iki.fi>
- Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]
  - From: Buck Huppmann <buckh@pobox.com>
- Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]
  - From: Gabor Gombas <gombasg@sztaki.hu>
- Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]
  - From: Buck Huppmann <buckh@pobox.com>

Prev by Date: Re: Behavioural differences in Heimdal and MIT
Next by Date: Re: Behavioural differences in Heimdal and MIT
Prev by thread: Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]
Next by thread: Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]
Index(es):
- Date
- Thread