[2015] in Kerberos
Re: What types of applications have been Kerberized?
daemon@ATHENA.MIT.EDU (Paul Pomes - UofIllinois CSO)
Tue Jun 30 11:53:13 1992
Date: 30 Jun 92 15:10:05 GMT
From: paul@uxc.cso.uiuc.edu (Paul Pomes - UofIllinois CSO)
Reply-To: Paul-Pomes@uiuc.edu
To: kerberos@shelby.Stanford.EDU
sukes@eng.umd.edu (Tasuki Hirata) writes:
>In fact, our erpcd for the Xylogics annex box checks the user passwd
>with the V4 Kerberos server. What I would really like to see from
>Xylogics is some way of getting a ticket on the annex box and use
>kerberized telnet and rlogin.
In fact until the edges of the network have kerberos, i.e., where
users first make contact with a network application, then kerberos isn't
useful at all. Our users make large use of our modem bank and three
terminal servers to connect to their home machines all over campus.
Whenever they log in, their passwords are sent in the clear to their
host.
This could be handled in two ways:
a) because our service machines and terminal servers share a common
secured Ethernet, force users to log in to one of our mainframes and
do a kinit before connecting to their home machine.
b) convince the vendors to install kerberos software for obtaining and
handling tickets.
Using a) means departments would just install their own terminal servers.
Now that V5 is on the RFC track, b) may become a serious option.
/pbp
--
Blue Ribbon, Gold Star, First Place Award for Academic Quote of the Millennium:
"There's a pecking order around here, & you can't go around the pecking order."
--Mervin E Muller, Chairman, OSU Computer & Info Science, 27 Dec 1990
