[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Question to Kerberos/Multicast/RSVP
in section 7 of rfc 2474 the use of multicast with kerberos is described as
"In the multicast case all receivers of a multicast
RSVP message MUST share a single key with the KDC (e.g. the receivers
are in effect the same security principal with respect to Kerberos)."
is this an appropriate assumption since this requires that before starting a
a new principal name must be created at the kdc and the information
(principal name and key) must be send to the
participating users (receivers). then the actual reservation can take place
to make use of the above mentioned single key.
the above mentioned procedure is required since it cannot be assumed that
two principals are the same security principal. additionally this creates
problems for accounting.
am i missing something?
how should the exact processing work?