Principal for setclientid

From: rick@snowhite.cis.uoguelph.ca
Date: 07/15/02-09:50:43 AM Z

• Next message: Noveck, Dave: "RE: Principal for setclientid"
• Previous message: Noveck, Dave: "RE: setclientid"
• Next in thread: Noveck, Dave: "RE: Principal for setclientid"
• Maybe reply: Noveck, Dave: "RE: Principal for setclientid"
• Maybe reply: Noveck, Dave: "RE: Principal for setclientid"

From: rick@snowhite.cis.uoguelph.ca
Date: Mon, 15 Jul 2002 10:50:43 -0400 (EDT)
Message-Id: <200207151450.KAA25320@snowhite.cis.uoguelph.ca>
Subject: Principal for setclientid

Hi,

> I think your solution doesn't account for the case of auth-sys, which
> while deprecated, will continue to exist in some environments.  In those
> environments, there won't be any real principal to match and so there 
> is a choice of having no check for misconfiguration (multiple clients
> with the same client id), if you don't check on IP address.

The above suggests that, for Kerberos, the principal will be unique. I
have no problem with that, but I would have used "root@CIS.UOGUELPH.CA"
from all the clients in my domain, by default. Is this requirement that
a Kerberos principal be unique per client for setclientid stated anywhere
in the RFC? (I've currently got bis03 and will download bis04 soon, but
admit I haven't read it all.)

So, it sounds like it is still an open issue and I won't worry about it
until it gets resolved.

Thanks, rick

• Next message: Noveck, Dave: "RE: Principal for setclientid"
• Previous message: Noveck, Dave: "RE: setclientid"
• Next in thread: Noveck, Dave: "RE: Principal for setclientid"
• Maybe reply: Noveck, Dave: "RE: Principal for setclientid"
• Maybe reply: Noveck, Dave: "RE: Principal for setclientid"

This archive was generated by hypermail 2.1.2 : 03/04/05-01:49:56 AM Z CST