According to your answer, the TGS gives a ticket to a service to each user requesting, as soon as he presents a valid TGT if I understood well?
Is there no possibility to do an additional access control on the TGS that only gives tickets to a user for the services which he is allowed to use (sort of ACL)?

Thanks
CB

Jeffrey Altman <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> Access control is not enforced by the TGS. The TGS provides service
> tickets which allow a client to authenticate itself to the application
> service. It is the responsibility of the application service to consult
> an authorization database to determine what permissions (if any) the
> client may be granted.
>
> Jeffrey Altman
>
>
> paul b wrote:
>
> > Hello,
> > I have a question about managing the access to the different services
> > in Kerberos.
> >
> > When I have my TGT and I ask the TGS to get access to a specific
> > service (for ex. kerberized FTP), how does the TGS know if I have the
> > right to access this server. Is there any database on the TGS that
> > contains the information which user has access to which service or
> > does the TGS the TGT in any case and the access rights are managed on
> > the server offering the service.
> >
> > My second question is how can I specify which user has access to which
> > service? Are there commands on the TGS (eventually to add users to a
> > database managing the rights???) or do I have to specify the user
> > rights on the server offering the service
> >
> > Thank you very much in advance
> >
> > CB
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
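Added example, not part of the original thread and not MIT Kerberos code: a sketch of the service-side check described in the quoted reply, where the application service, having authenticated the client principal from its service ticket, consults its own authorization database. The ACL format, the principals, the realm and the permission names are constructed for illustration.

```python
# Service-side authorization after Kerberos authentication (added example).
# The ACL format, principals and permission names are constructed.
SAMPLE_ACL = """\
# principal            permissions
alice@EXAMPLE.COM      read,write
bob@EXAMPLE.COM        read
*/admin@EXAMPLE.COM    read,write,delete
"""

def parse_acl(text):
    """Return [(principal_pattern, {permissions})]; '#' starts a comment."""
    entries = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            perms = {p.strip() for p in parts[1].split(",") if p.strip()}
            entries.append((parts[0], perms))
    return entries

def split_principal(principal):
    """Split 'primary[/instance]@REALM' into (primary, instance, realm)."""
    name, sep, realm = principal.rpartition("@")
    if not (sep and name and realm):
        raise ValueError("principal needs a realm: %r" % principal)
    primary, _, instance = name.partition("/")
    return primary, instance, realm

def matches(pattern, principal):
    """Case-sensitive match; '*' matches any non-empty component."""
    try:
        want, have = split_principal(pattern), split_principal(principal)
    except ValueError:
        return False  # malformed names never match
    return all((w == "*" and h != "") or w == h for w, h in zip(want, have))

def permissions_for(principal, entries):
    """Union of permissions granted to an authenticated principal."""
    granted = set()
    for pattern, perms in entries:
        if matches(pattern, principal):
            granted |= perms
    return granted

def is_allowed(principal, action, entries):
    """Default deny: allowed only if some ACL entry grants the action."""
    return action in permissions_for(principal, entries)
```

The realm is part of the comparison, so a principal with the same name from another realm gets no permissions, and a principal with no matching entry is denied even though it holds a valid service ticket.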
