I see that it is possible to put application-defined data in the enc-authorization-data field of a request to a TGS and the authorization-data field of a ticket. Suppose I have a password-based application service that would be difficult to Kerberize, I have two questions:
1. In theory, is it possible to embed a user ID and password into a ticket and send it to a Kerberized proxy that logs the user into the password-based application service on behalf of the user? 2. In practice, are there any gotchas? For example, would one need to modify kinit? Does the MIT TGS support this? BTW, I am familiar with Clifford Neuman's "Proxy-Based Authorization and Accounting for Distributed Systems". Thanks. Frank -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
