Oliver, The design seems to be asymmetric in that the need to store a secret long-term key at the client has been avoided (the client only needs to store its TGT), but a secret long-term key at the server is still necessary. I am afraid our customer will complain about this ...
This is not the case if you use user-to-user GSS since the server uses a secret derived from a userid/password logon. Please read my earlier reply on this subject. Tim. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
