[3291] in Kerberos


Re: (none)

daemon@ATHENA.MIT.EDU (wwatson@danaan.MIT.EDU)
Wed May 18 00:51:30 1994

To: kerberos@MIT.EDU
Date: 17 May 94 15:11:35
From: wwatson@danaan.MIT.EDU
Reply-To: wwatson@danaan.MIT.EDU


>> but I don't know anything about Kerberos, how it works or what do I need in
>> order to install it properly.
Kerberos is an encryption method designed to work on a network (secured or unsecured). (We're going to get VERY general here.) It uses a single session shared secret method of key encryption between client and host. In an "out of the box" version you should have the programs that allow the user to get the key for the single session (this key changes for every session... hence the difficulty of cracking the encryption) and the libraries you will need to include in the application that you want the transactions encrypted. Here's the kicker about Kerberos... Any application that you want to use Kerberos must be recompiled with the Kerberos libraries and the encryption calls be programmed in. You decide on the worth and merit of this.

>>I believe that it's illegal if the version of Kerberos comes with DES; so, I need to
>>know whether there's a version of Kerberos without DES and whether it's useful.
It is illegal for an American citizen or company to ship any computer application that uses DES. Whether it's illegal to ship source for DES I don't know. I don't believe US law applies to a Mexican citizen. I could be wrong though, it's happened before. Consult with the school legal dept. Kerberos uses a number of encryption algorithms. The choice of algorithm is yours to make, DES is just the hottest techno buzzword in the security biz today.

>>My boss told me that I needed to find out what's up with the NTP
>>implementation (in order to install Kerberos) but I don't know if
>>this is true.
One of the "locks" on a kerberized network packet is a timestamp on the packet to help prevent capture and playback. The clocks on the kerberized systems need to be pretty closely in sync (this is a configurable parameter). NTP is just the most common method of keeping your system's clocks together.

will.watson@mccaw.com
"If you didn't want me to come in why'd
you leave all the doors and windows open?"

My opinions are my own. My employer doesn't authorize
me to have one. 
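
The timestamp check described in the reply above, as an added example that is not part of the original post or of the Kerberos code: a simplified acceptor-side model that rejects requests outside a configurable clock-skew window and remembers accepted timestamps to catch playback inside it. The class name, principal names and the 300-second window are assumptions for illustration.

```python
import time


class AuthenticatorCheck:
    """Simplified model of timestamp freshness plus a replay cache."""

    def __init__(self, max_skew=300.0, clock=time.time):
        self.max_skew = max_skew   # allowed clock difference in seconds (assumed value)
        self.clock = clock         # injectable so the check can be tested offline
        self.seen = {}             # (client, timestamp) -> time the entry may be dropped

    def accept(self, client, timestamp):
        now = self.clock()
        # Forget entries the skew check alone would already reject.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        # Freshness: sender and receiver clocks must agree within max_skew.
        if abs(now - timestamp) > self.max_skew:
            return "reject: clock skew too great"
        # Playback inside the window: same client and timestamp seen before.
        key = (client, timestamp)
        if key in self.seen:
            return "reject: replay"
        self.seen[key] = timestamp + self.max_skew
        return "accept"


def demo():
    """Constructed scenario with a fake clock; returns the four decisions."""
    t = [1000.0]
    chk = AuthenticatorCheck(max_skew=300.0, clock=lambda: t[0])
    out = [chk.accept("alice@EXAMPLE.ORG", 1000.0)]    # fresh request
    t[0] = 1010.0
    out.append(chk.accept("alice@EXAMPLE.ORG", 1000.0))  # captured, played back at once
    t[0] = 1400.0
    out.append(chk.accept("alice@EXAMPLE.ORG", 1000.0))  # played back after the window
    out.append(chk.accept("bob@EXAMPLE.ORG", 1000.0))    # honest client, clock 400 s behind
    return out


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The last case is why the clocks need to be kept together: an honest client whose clock has drifted past the window is indistinguishable from a stale capture and is rejected.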
 
