Hi Sam: El 09/09/2011, a las 14:58, Sam Hartman escribió:
>>>>>> "Rafa" == Rafa Marin Lopez <[email protected]> writes: > > Rafa> Hi Sam: >>> >>> May we assume that TGT will be involved in a Kerberos exchange >>> later on?. I mean I think that TGT will have to be provided to >>> the initiator somehow ( within GSS-EAP exchange? ) >>> >>> I assume that initiator will have some Kerberos source code >>> implemented to handle the TGT and to request service >>> tickets. Otherwise, having a TGT is useless as you mention. >>> >>> I don't think these are reasonable assumptions. > > Rafa> Well, if we send a TGT or ST to the initiator, it would seem > Rafa> reasonable to me that initiator knows how to handle it. But > Rafa> maybe it is not reasonable. > > I agree that if the initiator is going to use a TGT or ST then it's fine > to assume it has code to deal with one. I think we may send a TGT or ST > to the initiator without being aware it can handle them; we could also > perform capability negotiation and confirm that the initiator can deal > with a TGT or ST before sending it. The capability option is desirable > if we want a different protocol. That makes sense to me. > > In the case of the TGT there is no particular reason to generate a TGT > unless the initiator has Kerberos and can consume it. Right. > > In the case of the ST, it is often very useful to generate the ST and > hand the ST to the RP even if the initiator will never see the ST and > wouldn't know what to do with an ST if it had one. > > Talking through this with Josh ye.yesterday I've realized I am making > lots of assumptions about model and use that I have documented no-where. > If you can wait a couple of days I'll write up my model and what I've > learned of the constraint space. Yes, that would be really appreciated. Thanks. Best regards. > > --Sam ------------------------------------------------------- Rafael Marin Lopez, PhD Dept. Information and Communications Engineering (DIIC) Faculty of Computer Science-University of Murcia 30100 Murcia - Spain Telf: +34868888501 Fax: +34868884151 e-mail: [email protected] ------------------------------------------------------- _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
