All,

I would love to use MIT's Kerberos, but it looks as though it can NOT do Role Based Access Control (RBAC) out of the box. It seems that MIT's Kerberos stores only principals and knows nothing about any roles those principals might or might not have. For any particular user, I would love to be able to attach a list of roles that person plays. For example, for user Joe, I need to be able to say that principal Joe has roles: Admin, Superuser or Manager or Supervisor, or Team1Leader etc. Then, when Joe authenticates to the KDC, if both the principal (what Java JAAS calls the subject) could also return a list of roles (JAAS principals), I could then do RBAC. Microsoft had to add some separate user-to-role database that is consulted when users authenticate in their Active Directory realm. I would like to not have to do this. Does anyone know of a Kerberos implementation that does RBAC and, BTW, works with Sun's JAAS (Java security)?

I could just have user Kerberos principals and Role principals, but then when someone logged in with a Role user id, I would not know who the underlying user was. It seems that adding some Role attributes to the kerb principal would help a lot here.

Thanks

Bart