[181] in DCNS Development
[jon@MIT.EDU (Jon A. Rochlis): Re: Mac Kerberos ? ]
daemon@ATHENA.MIT.EDU (Mark Curby)
Fri Feb 28 15:10:49 1992
Date: Fri, 28 Feb 92 13:03:35 EST
From: mlc@MIT.EDU (Mark Curby)
To: developers@MIT.EDU, macdev@MIT.EDU
FY (and others) I
- mark
------- Forwarded Message
From: jon@MIT.EDU (Jon A. Rochlis)
To: Rob Chandhok <Ravinder.Chandhok@CS.CMU.EDU>
Cc: apple-ip@APPLE.COM
Subject: Re: Mac Kerberos ?
In-Reply-To: Your message of Wed, 26 Feb 92 14:02:26 -0500.
<12141.699130946@GNOME.CS.CMU.EDU>
Date: Thu, 27 Feb 92 13:05:04 GMT
The facilities people here in CS are moving to kerberos based everything. I
was wondering if anyone knew of or was developing kerberos services for the
Mac. I have the impression that UMich is.
We are. See the message below. We have Kerberos libraries, a POP
client, a Zephyr (a real-time messaging system) client, a Discuss
(conferencing) system, a OLC ("one line consulting") and several
others under development. They range from production systems used
every day by thousands of people to very alpha-ish products.
Most of the services we are putting on the Mac come out of MIT's
Project Athena. For more info on Athena (or Kerberos) try anonymous
ftp to athena-dist.mit.edu (and also net-dist.mit.edu). There's lots
of documentation and even free code.
We do not have a Mac kerberized version of telnet or rlogin, though we
would like one.
I have a particular interest in Telnet using kerberos to avoid free-text
passwords. Although I don't know how to store a secret on a Mac.
With Kerberos you need only store secrets on server machines. If your
macs are just clients you have no need to keep secrets on them and you
can avoid sending passwords (or even data) in the clear over who knows
what cable.
-- Jon
[1762] daemon@ATHENA.MIT.EDU Kerberos 02/21/92 12:50 (35 lines)
Subject: New Macintosh Kerberos library available
From: srz@Athena.MIT.EDU (Stan Zanarotti)
Date: Fri, 21 Feb 92 12:13:59 -0500
To: kerberos@Athena.MIT.EDU
A new release of the MIT Kerberos and DES libraries for the
Macintosh is now available via anonymous FTP from Athena-dist.mit.edu
(18.71.0.38) [pub/kerberos/README.mac]. This is an update for the
Kerberos library that Jon Rochlis ported to the Macintosh. As always,
export restrictions may apply.
This release has clean-ups that were added for the TechMail 2.0
release. It has some bug fixes, but it mainly reflects a new configuration
of libraries and Makefiles. Kerberos configuration information
(/etc/krb.conf, /etc/services) are now stored as resources in the
application. Tickets are stored in memory, and are not shared among
applications.
One possibly controversial change is that the Kerberos library now
uses the timed protocol to get the time for the Macintosh at the
beginning of a session. Macintoshes do not have a good understanding
of GMT time, and we would have had a hard time dealing with time skew,
daylight savings time, time zone settings, etc. In our environment,
the threat of a spoofed time server is not that high, so we made a
tradeoff for convenience. Since we're distributing source, people can change
it if they want.
We recommend that people pick up the TechMail sources, available via
anonymous FTP from net-dist.mit.edu (18.72.0.3) under
pub/TechMail/for-non-mit-use/src, to get a build tree for the MIT
libraries (sans Kerberos). This distribution contains the underlying
bsd library that the Kerberos library uses, as well as top-level Makefiles.
TechMail is a Macintosh application that reads and sends mail using POP3
(Kerberos or vanilla) and SMTP.
-stan
--[1762]--
------- End of Forwarded Message
