[comp.protocols.kerberos] ACLs and Shared Libraries

nero@eng.umd.edu (Oren L. Stern) (08/01/90)

   Hello!  Just a couple of quick questions from a kerberos novice...

   Is there any way to use ACLs to restrict the access of certain users to
certain machines or groups of machines?  Obviously you can hack login.krb
to do it; I'm just asking if it is set up to do it by default.

   Secondly, has anyone tried compiling kerberos libraries as dynamically
linked libraries (for those machines that support it)?  I noticed that the
kerberos executables are rather large compared to the BSD counterparts.
What sort of success/problems have you found with this?

   Thanks in advance...
   Oren Stern

--
Oren Stern (nero@eng.umd.edu)	| "A boy without mischief is like a bowling ball
UUCP:  uunet!eng.umd.edu!nero  	|  without a liquid center" -- Homer Simpson

abraham@hpindda.HP.COM (Abraham Lui) (08/06/90)

>   Is there any way to use ACLs to restrict the access of certain users to
>certain machines or groups of machines?  Obviously you can hack login.krb
>to do it; I'm just asking if it is set up to do it by default.

In version 5, there will be an authorization data field included in
each kerberos ticket.  This is the extent of "default" provided by
Kerberos.  A separate authorization server (module) will have to be
written to use the info contained in this field.

Abraham

oleg@electra.la.locus.com (Oleg Kiselev) (08/13/90)

In article <41820002@hpindda.HP.COM> abraham@hpindda.HP.COM (Abraham Lui) writes:
>In version 5, there will be an authorization data field included in
>each kerberos ticket.  This is the extent of "default" provided by
>Kerberos.  A separate authorization server (module) will have to be
>written to use the info contained in this field.

Anyone know what the status of ver. 5 is?  We were told that there are "1.5
people working on it at MIT" and that it was not going to be available any
time soon.  
--
DISCLAIMER:  I speak for myself only, unless otherwise indicated.
                                      "No regrets, no apologies" -- R.Reagan
Oleg Kiselev			lcc!oleg@seas.ucla.edu, oleg@locus.com
(213)337-5230			...!{uunet|att|ucla-se|turnkey|alphacm}!lcc!oleg

henry@MIT.EDU (Henry Mensch) (08/13/90)

oleg@electra.la.locus.com (Oleg Kiselev) wrote: 
->Anyone know what the status of ver. 5 is?  We were told that there are "1.5
->people working on it at MIT" and that it was not going to be available any
->time soon.  

the status of version 5 will be announced when it's ready, and not
before.  the project leader (most of that 1.5 people working on it) has
been temporarily called away from this work by his employer (not MIT,
btw) and should be able to resume this work shortly.

-- Henry Mensch / <henry@MIT.EDU>
-- Project Athena External Relations
# Henry Mensch    /   <henry@garp.mit.edu>   /   E40-379 MIT,  Cambridge, MA
# <hmensch@uk.ac.nsfnet-relay> / <henry@tts.lth.se> / <mensch@munnari.oz.au>