[OpenAFS-devel] How can I use rsh to connect with AFS
Derrick J Brashear
shadow@dementia.org
Wed, 16 Jan 2002 00:50:19 -0500 (EST)
On Wed, 16 Jan 2002, Ken Hornstein wrote:
> "Forwarding" really means two things - passing the ticket plus
> session key to a remote machine, and changing the IP address in
> the ticket to match that of the remote machine. The first isn't
> that hard to do (but requires support from the protocol); the second
> is not possible in V4. It just so happens that AFS is an application
> that ignores the IP address in the V4 ticket, so that happens to
> work. But no other V4 services will.
I hate to confuse this issue, but:
-other applications *may* choose not to enforce the IP address in the
tickets always (you can modify krb_rd_req to effect this)
more importantly:
-you can made the krb4 KDC set a zero IP address in the issued ticket, in
which case it's simply not enforced. The kaserver is one such KDC.
Everything else Ken says is true.
-D