This whole conversation seems misguided to me. Kerberos is an authentication system, not an authorization one. Access to a service is an authorization issue. Since there is no universal authorization scheme for kerberos applications, any workable revocation system will have to build that first. That would be a very useful tool, but I'm afraid it might be about 20 years too late.
- Booker C. Bense ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
