paul b wrote:
> According to your answer, the TGS gives a ticket to a service to each
> user requesting, as soon as he presents a valid TGT, if I understood
> well?
>
> Is there no possibility to do an additional access control on the TGS
> that only gives tickets to a user for the services which he is allowed
> to use (sort of ACL)?
>

Access control is not the responsibility of the KDC's TGS, so the answer is 'no'.

> Once the client is authenticated, is the communication between the
> client and the server encrypted (with the session key in the ticket) or
> does all the traffic pass in clear text by default? I read some docs
> and their content was contradictory; perhaps you can clear up this point
> for me too?

The Kerberos authentication provides the client and server with a shared key which only the two of them know about. Whether or not this key is used to encrypt the session data is up to the application protocol.

Jeffrey Altman

________________________________________________
Kerberos mailing list
https://mailman.mit.edu/mailman/listinfo/kerberos
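
The two points in the reply above, as an added sketch that is not part of the original thread and is not real Kerberos code: the TGS issues a ticket to any authenticated client, the service applies its own ACL, and the application decides whether the session key protects the data. The toy `seal`/`unseal` functions, the principal names and the `ACL` set are assumptions made for illustration; the AP-REQ authenticator and replay handling are omitted.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); stands in for a real Kerberos enctype.
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def seal(key, data):
    # Encrypt-then-MAC with one key: acceptable for a toy, not for production.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

SERVICE_KEY = os.urandom(32)   # long-term key shared by KDC and service (constructed)

def tgs_issue(client):
    # The TGS does no per-service ACL check: any authenticated client gets a ticket.
    session_key = os.urandom(32)
    body = json.dumps({"client": client, "key": session_key.hex()}).encode()
    return session_key, seal(SERVICE_KEY, body)

ACL = {"alice@EXAMPLE.COM"}    # authorization lives in the service, not the KDC

def service_accept(ticket, payload, protected):
    t = json.loads(unseal(SERVICE_KEY, ticket))
    if t["client"] not in ACL:
        return "denied"        # authenticated, but not authorized
    # The application protocol decides whether the session key protects the data.
    data = unseal(bytes.fromhex(t["key"]), payload) if protected else payload
    return "ok:" + data.decode()
```

With `protected=False` the payload crosses the wire exactly as the client sent it, even though both sides hold a session key.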
