[4244] in Kerberos
Re: remote kpasswd
daemon@ATHENA.MIT.EDU (George Michaelson)
Wed Nov 23 18:17:02 1994
To: kerberos@MIT.EDU
Date: 24 Nov 1994 08:54:36 +1000
From: ggm@dingo.cc.uq.oz.au (George Michaelson)
brian@nothing.ucsd.edu (Brian Kantor) writes:
>The real solution is to get kinit and kpasswd into the terminal server
>itself.
> - Brian
Short of getting xyplex/xylogics/<other> to do this, what is the $ cost/port
for a FreeBSD/NetBSD/BSDI based box with <n> serial cards? KerbIV on a
*bsd box might be the way to go, with full encrypted telnet/rlogin for
onwards connect. eBones+libdes means full DES encrypting capability is
outside the USA right now. K/V will never eventuate, so Bellovin et al's
noted weaknesses remain alas.
Out here in OZ you're looking at <$400 port for a decent annex III. Thats
the bottom line, much against my own desires. I don't see the cost of a
useable PC based system getting much under $4k once you target:
fast clock (66Mhz->100Mhz)
fast bus (PCI)
fast serial port cards (16550 + lots of buffering)
lots of memory (no swapping wanted)
(we priced one of these at $5k incl 1Gb disk + SCSI, I guess
you can cut that out for a T/S but the serial card isn't cheap
neither)
And thats without pricing labour to cut the frontend secured shell to
do PPP/Slip/Proxy/Kerb-user-apps...
-George
--
George Michaelson
G.Michaelson@cc.uq.oz.au The Prentice Centre | There's no market for
University of Queensland | hippos in Philadelphia
Phone: +61 7 365 4079 QLD Australia 4072 | -Bertold Brecht
