Re: AUTH48 [AH]: RFC 4462 <draft-ietf-secsh-gsskeyex-10.txt> NOW AVAILABLE (fwd)

To: Nicolas Williams <Nicolas.Williams%sun.com@localhost>
Subject: Re: AUTH48 [AH]: RFC 4462 <draft-ietf-secsh-gsskeyex-10.txt> NOW AVAILABLE (fwd)
From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Date: Fri, 07 Apr 2006 17:42:54 -0400

On Friday, April 07, 2006 04:32:07 PM -0500 Nicolas Williams<Nicolas.Williams%sun.com@localhost> wrote:

Note: don't be too specific about how this authorization check should be
implemented, specifically don't require that authenticated principal's
display name or exported MN or gss_compare_name() or anything like that
should be used.  To speak of the authenticated principal's name
generally, or "NAME" (to more clearly reference the object type in
RFC2743) is sufficient.

We don't even do that. Joe quoted the relevant text, which is already inthe document:

It is up to the server how it interprets the user name
and determines whether the client is authorized based on his GSS-API
credentials.


All the new text does is require that the check be done in the first place.

References:
- RE: AUTH48 [AH]: RFC 4462 <draft-ietf-secsh-gsskeyex-10.txt> NOW AVAILABLE (fwd)
  - From: Jeffrey Hutzelman
- Re: AUTH48 [AH]: RFC 4462 <draft-ietf-secsh-gsskeyex-10.txt> NOW AVAILABLE (fwd)
  - From: Nicolas Williams

Prev by Date: Re: AUTH48 [AH]: RFC 4462 <draft-ietf-secsh-gsskeyex-10.txt> NOW AVAILABLE (fwd)
Next by Date: Re: [Inquiry #85608] IETF mailing list archive for SECSH WG not being updated
Previous by Thread: Re: AUTH48 [AH]: RFC 4462 <draft-ietf-secsh-gsskeyex-10.txt> NOW AVAILABLE (fwd)
Next by Thread: RE: AUTH48 [AH]: RFC 4462 <draft-ietf-secsh-gsskeyex-10.txt> NOW AVAILABLE (fwd)
Indexes:

Home | Main Index | Thread Index | Old Index