[4245] in Kerberos
Re: remote kpasswd
daemon@ATHENA.MIT.EDU (Josh Osborne)
Wed Nov 23 19:13:59 1994
From: stripes@uunet.uu.net (Josh Osborne)
To: ggm@dingo.cc.uq.oz.au (George Michaelson)
Date: Wed, 23 Nov 1994 18:55:56 -0500 (EST)
Cc: kerberos@MIT.EDU
In-Reply-To: <3b0h7c$k6a@dingo.cc.uq.oz.au> from "George Michaelson" at Nov 24, 94 08:54:36 am
[...]
>Short of getting xyplex/xylogics/<other> to do this, what is the $ cost/port
>for a FreeBSD/NetBSD/BSDI based box with <n> serial cards? KerbIV on a
>*bsd box might be the way to go, with full encrypted telnet/rlogin for
>onwards connect. eBones+libdes means full DES encrypting capability is
>outside the USA right now. K/V will never eventuate, so Bellovin et al's
>noted weaknesses remain alas.
>
>Out here in OZ you're looking at <$400 port for a decent annex III. Thats
>the bottom line, much against my own desires. I don't see the cost of a
>useable PC based system getting much under $4k once you target:
>
> fast clock (66Mhz->100Mhz)
Call it $500 for a 486-66. That may not be enough CPU, but that's the
price I know. (this is _just_ a ISA motherboard (with SRAM cache) + CPU,
no disk, case, or DRAM).
> fast bus (PCI)
What do you need a fast bus for? I think you will run out of CPU
before you run out of bus bandwidth even on an ISA bus. Let's
assume we are going to have a single ethenet out, that's a max of
10Mbit/sec, or ~1.2Mbyte/sec going out, so you can't really have
much more then that much traffic across the serials, so that's
2.4Mb total, and we don't expect to hit the drive, or video much,
and there is nothing else, so we have 2.4Mbyte/sec on a 8Mbyte/sec
(theoritical max, more like 5Mbyte/sec in real life) bus. That leaves
plenty of room for things like needing ISA cycles for control purposes.
> fast serial port cards (16550 + lots of buffering)
That's one way to go. The other is a RISCCom 8-port board (baised on
some Cyrex serial parts that unfortunatly are not as good as the
16550), which is cheap. These retail for ~$600 for a 8-port board, like
most things they wholesale much lower. Last time I played with the
RISCCom you couldn't recieve at 38.4Kbaud, or even 19.2 without losing
data (or asserting flow control), but I hear the driver has been
much improved since then. For the moment I would assume you don't want
to put more then one on a machine unless you know that very few ports will
be running full speed. I am discussing this board because I know it's
price, not because I think it is the best choice. There may be better
cheaper boards (if there are, please let me know).
> lots of memory (no swapping wanted)
I think you are over-specing it. What will the machine do? getty, and
telnet. How much memory does that require? I don't know, but I would
be at least a little supprised if 8Mbytes ($280) didn't cut it.
> (we priced one of these at $5k incl 1Gb disk + SCSI, I guess
> you can cut that out for a T/S but the serial card isn't cheap
> neither)
A 1G disk is "only" $700ish (CSC sells a 2.1G DEC disk for under $900),
and a SCSI controler will run around $250 (for a good, but not great
controler). I susspect that you could get away with a small IDE drive,
I think 300M IDE drives are under $300, but I don't buy them, so I don't
know. The IDE controler is $10 (and includes 2 serial ports you don't
want to use).
So this totals $1690 for a 8 port system, which is ~$200 a port.
>And thats without pricing labour to cut the frontend secured shell to
>do PPP/Slip/Proxy/Kerb-user-apps...
Well yes, $200 a port before all that. And anything else we forgot
(um, a case + power suply is at least $50, many PC's won't boot without
a video display, and while I have seen $15 ones in a magizine, I havn't
seen any for less then $50 this last year, and undoubitidly there are
other things I have forgotten). Even if we increse a few of the
requirements I think you can keep the hardware cost competitave, but
the software and assembly costs may kill you.
