[OpenAFS-devel] Re: "prdb extensions" vs gssklog-map
Robert Banz
banz@umbc.edu
Wed, 26 Oct 2005 09:07:35 -0400
Jeffrey Altman wrote:
> Adam Megacz wrote:
>> Hey, thanks for the great explanation!
>>
>>
>>> Many organizations using either gssklogd or versions of krb524d or even
>>> krb525d perform client identity name translation from the name known to
>>
>> Okay, one more question... what is krb525d? I know what krb524d is...
>>
>> http://www.google.com/search?q=krb525d
>>
>> - a
>>
>
> krb525d is a service that takes as input a Kerberos 5 ticket and
> returns a different Kerberos 5 ticket perhaps with a different user
> principal name, perhaps with different ticket lifetimes. It is
> not a service that anyone distributes publicly.
>
Wouldn't mind having the source for one, this could come in handy in
some nasty proxy-'d authentication stuff...
-rob