
Re: Kerberos makes login one time?



On Mon, Aug 04, 2003 at 03:22:27PM -0700, cody wang wrote:
> if I have kerberos, I can just login one time for all the clients, am I

I don't think so.  I'm no LDAP/Kerberos guru but it's my understanding
that if you log in on one machine it creates a ticket (in /tmp) that can
be forwarded to other machines.  It's almost a bit like public-key
encryption, only the key times out.  So, no, you have to enter your
password on every machine you log on to.

  Think about it this way:  if you log onto machine A and Fred logs on
to machine B he'd have your account, etc. if what you were asking were
true.  With Kerberos the idea is that it's ``single sign-on'' so once
you authenticate you no longer get prompted for remote services
requested from that machine, i.e. when SSHing to other servers (that
are configured to use Kerberos), POP, etc.

  Hope that's (correct) and some help,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:purple@lewiz.net | jab:lewiz@jabber.org | url:http://lewiz.net |-
