Hi , * On 12:13, Thu 02 Jun 05, Sam Hartman wrote: > >>>>> "Saber" == Saber Zrelli <[EMAIL PROTECTED]> writes: > > Saber> There is however a draft called "IAKERB" that provides > Saber> pass-through authentication using kerberos > Saber> (http://watersprings.org/pub/id/draft-ietf-cat-iakerb-08.txt), > Saber> that can do the trick. > Note that this draft has been rejected by this working group and is no > longer an ongoing effort. Some party could choose to fix the problems > in that draft and attempt to bring it back, but last time this came up > no one offered to do that work.
I think that the problem tagetted by IAKERB are a big obstacle that limit the scenarions where Kerberos can be used. Specially, concerning wireless access networks, Kerberos can be very convenient due to the fact that tickets have life-times, which means that clients do not need to ride the full authentication path each time they perform a hand-over. Current methods based on EAP, are defining context transfer protocols to attack the problem related to the latency of handovers ( CTP for PANA in PANA wg ). Kerberos IMHO, can offer fast handover in wireless access networks, but it requires some complementary protocols such as IAKERB. I really think that working on this axis should be amongst the milestones of kerberos wg. Regards. -- Saber ZRELLI <[EMAIL PROTECTED]> Japan Advanced Institute of Science and Technology Center of Information Science Shinoda Laboratory url : http://www.jaist.ac.jp/~zrelli gpg-id : 0x7119EA78 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos