Hi,

> Kerberos is not a complete identity solution.

As I understand Kerberos, it IS…

* a complete local authentication platform
* a statically configurable realm-xover authentication platform

…and it IS NOT…

* an on-the-fly realm-xover authentication platform
* an authorisation platform

The first one is a miss, and is being worked on (PKCROSS, the KREALM record, and ever-improving integration in of protocols). Authorisation is out of scope, and might need something like LDAP. Note that authorisation requires trust of the protected resource, so it is usually in the same realm, just using the authenticated identity that has done a realm-xover if necessary.

-Rick

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos