Path: utzoo!attcan!uunet!lll-winken!csd4.milw.wisc.edu!mailrus!purdue!decwrl!shelby!ATHENA.MIT.EDU!don
From: don@ATHENA.MIT.EDU
Newsgroups: comp.protocols.kerberos
Subject: (none)
Message-ID: <8903280116.AA08059@TARTAROS.MIT.EDU>
Date: 28 Mar 89 01:16:27 GMT
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 23


    Currently, Kerberos supports only user-to-secure-host authentication.
Ralph Swick and I, Don Davis, have completed a proposal for adding
full-tilt user-to-user authentication to the Kerberos protocol.
Our extension would allow the authentication of workstation-to-workstation
rcp requests, X service, etc. Our paper also discusses some naming and
authorization problems that we expect to see in an environment of
workstation-services. Finally, we describe a straightforward Kerberos
application, called "rkinit", which would securely propagate a user's
tickets to a remote host, and which would use the proposed protocol extension.

    We invite you to examine and comment upon our proposal. The document is
titled, "Workstation Services and Kerberos Authentication at Project Athena".
You can get it via anonymous ftp to athena-dist.mit.edu; see the
PostScript file pub/kerberos/user2user.PS .
If you want hard copy, as some do, please call or write to us.
Please send your comments to krb-protocol@athena.mit.edu .

		-Don Davis, Athena/MIT	       -Ralph Swick, Athena/DEC    
		 MIT room E40-319	 	MIT room E40-327
		 Cambridge, MA 02139	 	Cambridge, MA 02139
		 (617)253-1409 (1-9pm Eastern)	(617)253-1506
		 don@athena.mit.edu		swick@athena.mit.edu