* Jonas Smedegaard ([EMAIL PROTECTED]) [040831 15:09]: > On 31-08-2004 14:12, Ragnar Wisloff wrote: > |> As I understand Kerberos, the core logic is to authenticate _both_ user > |> and service against a third party (the ticket server). So even services > |> on a thin client should be able to trust if done properly, right? > | > | > | Don't know. > > Fair enough. I know only fractions myself. > > Andreas - have you become clever on these parts with your poking around > with AFS lately?
yes. (c: you think of the floppyd as a kerberos enabled service with a key from the kdc? how would he know who is allowed to read the floppy? it is not only the question if the person trying to read the floppy is genuinly the one she pretends to be but also some knowledge of WHO is allowed to access the floppy. the first you can accomplish with kerberos, the second not. that is the floppyd`s job, which i dont know anything about. btw, what about your own kerberos and afs effords? you promised code and other goodies!

