VFS Implementation and user authentication
Nicolas Williams
Nicolas.Williams at ubsw.com
Wed Sep 13 14:06:33 GMT 2000
On Wed, Sep 13, 2000 at 01:23:11PM +1000, Luke Kenneth Casson Leighton wrote:
> > Forgive me. I was using Kerberos terminology, wherein "credentials"
> > refers to forwarded TGTs and proxied service tickets. These tickets name
> > a user and ALSO provide the ticket holder the right to impersonate that
> > user to other services.
>
> the PAC in the NT5 Krb5 server contains user profile info, which needs to
> be conceptually separated from the kerberos ticket itself.
Of course. I used the word profile. In plain Kerberos all there is to
the profile is the user principal name, but it (and forwarded TGTs) can
be used to obtain other profile information that is relevant to the
app.
> > Is there a better set of words to describe this such that the user
> > profile information in credentials can be separated, conceptually, while
> > talking about them, from the impersonation tokens?
>
> > I'm willing to learn new terminology, though I cringe every time if the
> > new terminology does not improve existing terminology.
>
> i am not an expert on appropriate terminology, however i know someone who
> is :)
:)
Nico
--
More information about the samba-technical
mailing list