[1290] in Kerberos


Integrity of MIT source

daemon@ATHENA.MIT.EDU (James R. Clifford)
Thu Mar 7 18:39:23 1991

Date: Thu, 7 Mar 91 15:50:55 MST
From: jrc@snow-white.Lanl.GOV (James R. Clifford)
To: kerberos@ATHENA.MIT.EDU

What measures have been taken to protect MIT's Kerberos software source?  We are investigating using Kerberos for our network authentication system.  For some clients and servers, building the code from the MIT source is the only available/timely alternative.  On the other hand, there are those who contend basing a large part of the campus security on software obtained from an electronic bulletin board is crazy.  "Bulletin boards are where you go to pick up viruses, Trojan horses, and other nasty social diseases", they say. 

What assurances are there that the software that we ftp remains unchanged from what the authors released?  That there are no "wizard" passwords?  No debugging back doors?  Are vendor releases of Kerberos likely to be any better?

Thanks,
Jim Clifford

