[3302] in Kerberos
Re: Recommend Kerberos Vendors?
daemon@ATHENA.MIT.EDU (Jonathan Chinitz)
Thu May 19 10:54:41 1994
To: uunet!panix.com!hecker@uunet.UU.NET (Jared P. Hecker)
Cc: jec@uunet.UU.NET, kerberos@MIT.EDU
In-Reply-To: <2rb9ke$ru0@panix.com>
Date: Thu, 19 May 94 09:38:10 -0400
From: Jonathan Chinitz <jec@isoft.com>
On 17 May 1994 16:32:14 -0400 uunet!panix.com!hecker wrote:
> Hi, all -
>
> My management has just seen the sense of centralized security. I would
> like to strike while they are interested enough to do this. Can anyone
> recommend good vendors of Kerberos implementations? We will probably
> look at Tranarc since we are looking at Encina for development
> uses, but its adoption is by no means certain.
>
If you are looking at Encina then you are looking at DCE as well. DCE
includes Kerberos V5 functionality, but also includes a ton of other
stuff. I don't know the latest details on whether a DCE security server
can talk to V5 clients - every vendor tells me something different. My
guess is not (at the present time, unless someone is willing to correct me...).
> Our environment is HP-UX and AIX, with MS Windows (Powerbuilder) on the
> desktop. We are seeking to provide end-users a
> single login and password for access to all of their authroized servers
> and applications (that is how Kerberos implements authorization and
> authentication, is it not?).
>
Single login you can get from HP and Transarc, but not for MS Windows.
IBM doesn't provide single login on AIX in this release, but will in the next.
> BTW, does anyone know if there are efforts underway to resolve the
> differences between Transarc's implementation and MIT's? It sure makes
> Encina look like a proprietary solution from the security standpoint...
>
Encina uses DCE security which is based on MIT V5. Do not confuse this
with AFS and its implementation of Kerberos.
Jonathan
