[3684] in Kerberos
Re: S/KEY integrated with Kerberos?
daemon@ATHENA.MIT.EDU (Thor Lancelot Simon)
Wed Aug 10 00:48:23 1994
Date: Wed, 10 Aug 94 0:35:17 EDT
From: Thor Lancelot Simon <tls@panix.com>
To: brian@nothing.ucsd.edu (Brian Kantor)
Cc: kerberos@MIT.EDU, support@xylogics.com
In-Reply-To: Your message of Tue, 9 Aug 1994 11:23:03 -0700
>
> So buy terminal servers with Kerberos capability. That way the last
> link your password traverses is the telephone line, which is typically
> more secure.

I kind of did. The Annexes I have sort of do Kerberos -- they'll get a TGT
from a server as a method of password checking. They don't, however, use that
TGT *for* anything -- which means I can have all my users log into the Annex,
and then trust the Annex with hosts.equiv, but I'm not very comfortable about
that idea.

Since the Annex already *has* a filesystem, it would seem to me that Xylogics
must already have done most of the hard part of porting K4 to their box. I
don't really understand why they didn't Do The Right Thing, and though it's my
only substantial gripe about the Annex, I do wish they'd go fix it posthaste.

There aren't a lot of fully-featured terminal servers out there that do
support Kerberos. I know about Ciscos and Xyplexes, but I have a whole host
of reasons for hating them, and even if I'd ever go near a Livingston
Portmaster again (which I won't -- some good ideas and an awful murder --
oops, I mean execution) they don't support it either.

But yes, I could sort of use Kerberos on my terminal servers now, and I expect
to use it on them one way or another soon. But not everyone can or will, and
I still think S/KEY support is a better solution as it doesn't require
waiting on terminal server vendors to get things done.

After all, where can I find a terminal server that does Kerberos 5?