[3928] in Kerberos
Re: (none)
daemon@ATHENA.MIT.EDU (Rich Salz)
Tue Sep 27 09:22:39 1994
To: kerberos@MIT.EDU
Date: 27 Sep 1994 03:29:03 GMT
From: rsalz@osf.org (Rich Salz)
In <9409192042.AA24437@orchid.tc.pw.com> Charlie_Rutstein@notes.pw.com writes:
>Can someone give me a pointer to a document that indicates the differences
>between DCE v.1.1 Kerberos and the more "standard" flavors now in use?
I don't know of any such document. DCE 1.0(.x) uses MIT Kerberos V5,
"very early release." :-) As such, there may be occasional bugs (in both
OSF DCE and/or MIT code) that prevent interoperability -- we're working
on fixing them. MIT, OSF, and the DCE 1.2 recently met and set things
up so that we'll continue to work together in the future.
From the user-level, the biggest difference is that DCE security uses
Kerberos principals in a particular way; "klist" on a DCE identity
won't give you the obvious answers.
We're not yet in a position to say that we provide full RFC-level protocol
compatibility, primarily because we have no ongoing program to test this.
Nevertheless some people have used DCE's security server as a KRB5 server
and say it's worked.
Hope this helps.
/r$
