Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!cs.utexas.edu!usc!ucsd!sdd.hp.com!hplabs!hpcc01!hpcuhb!hpindda!abraham
From: abraham@hpindda.HP.COM (Abraham Lui)
Newsgroups: comp.protocols.kerberos
Subject: Re: ACLs and Shared Libraries
Message-ID: <41820002@hpindda.HP.COM>
Date: 6 Aug 90 15:14:31 GMT
References: <1990Jul31.195713.24848@eng.umd.edu>
Organization: HP Information Networks, Cupertino, CA
Lines: 10

>   Is there any way to use ACLs to restrict the access of certain users to
>certain machines or groups of machines?  Obviously you can hack login.krb
>to do it; I'm just asking if it is set up to do it by default.

In version 5, there will be an authorization data field included  in 
each kerberos ticket.  This is the extend of "default" previded by 
Kerberos.  A separate authorization server (module) will have to be
written to use the info contained in this field.

Abraham