No, the Citrix client does not issue the ticket, the Kerberos ticket is
generated during the auth of the user, so therefore the ticket attribute is
then attached to that user's session..
I am hoping that MJR's cat will jump in soon.. :)
At 11:17 PM 7/17/00 -0500, Frank Knobbe wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, July 17, 2000 9:33 PM
> > >
> > > The user does nothing, all the work is done via smoke and
> > > mirrors. The
> > > session is initiated once the user enters their password via
> > > the Citrix
> > > Client, The Citrix client then requests authentication via the
> > > router . The router sends a auth request to the server inside,
> > > the server then initiates a kerebos session back to the router
> > > to the client.
> > > The client
> > > does not even know what is going on around the session
> >
> > Okay, but how does the router authenticate the client? By IP
> > address? How do you limit access?
>
>May I guess an answer to my own question? Does the remote PC with the
>Citrix client issue the Kerberos tickets to the router, which accepts
>or denies them? In other words, the Kerberos authentication stretches
>across the Internet to the client PC?
>
>Frank
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Personal Privacy 6.5.1
>Comment: PGP or S/MIME (X.509) encrypted email preferred.
>
>iQA/AwUBOXPaW0RKym0LjhFcEQK1RwCgvhquKxpz0DoZ20B1KkhjhS/9/BoAoKLf
>IVDzVhf2TZYhlgI8v+clcPRr
>=UrFj
>-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
