Hi,

In the IAKERB draft, the following is said:

===========
6. The IAKERB proxy protocol :
...
The IAKERB proxy is responsible for locating an appropriate KDC using the realm information in the KDC request message it received from the client.
...
============

I apologize for my misleading affirmation. The IAKERB proxy can be used by the client to obtain a cross-realm ticket that can be used in the visited realm. I was referring to a KDC instead of an IAKERB proxy.

My thoughts are that these proxying functionalities should be moved to the KDC of the visited realm. But this would be another topic that I wish to start soon.

Best Regards,
Saber.

* On 21:55, Sun 17 Jul 05, Sam Hartman wrote:
> >>>>> "Saber" == Saber Zrelli <[EMAIL PROTECTED]> writes:
>
>     Saber> when some visiting user would like to connect to a foreign
>     Saber> wireless network, In addition to the bootstrapping problem,
>     Saber> the actual protocol defined by IAKERB does not allow the
>     Saber> operator to authenticate the visiting user since he/she is
>     Saber> not registered in the local DB. Hence there is need to
>     Saber> extend the proxy properties to perform inter-realm
>     Saber> operations (to communicate with the user's home realm ) for
>     Saber> authenticating roaming users.
>
> For the record, I strongly disagree with the above.
>
> I don't have time to explain now, but will try to get to it reasonably soon.

--
Saber ZRELLI <[EMAIL PROTECTED]>
Japan Advanced Institute of Science and Technology
Center of Information Science
Shinoda Laboratory
url : http://www.jaist.ac.jp/~zrelli
gpg-id : 0x7119EA78
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
