[4361] in Kerberos
Re: Help After Install
daemon@ATHENA.MIT.EDU (Gordon Matzigkeit)
Sat Dec 17 02:44:34 1994
To: kerberos@MIT.EDU
Date: Sat, 17 Dec 1994 07:24:11 GMT
From: gord@enci.ucalgary.ca (Gordon Matzigkeit)
>>>>> "Brian" == Brian Mancuso <brianm@csa.bu.edu> writes:
Brian> Is there a specific portion of krb5 in particular that you
Brian> can't get to work? Perhaps by cooperation we can figure the
Brian> thing out...
Kerberos on our machines is still vapourware, because I'm still trying
to figure out if it's worth the (apparent) fuss. I think the main
problem for me is the idea of kclients.
What I'm beginning to think is that I'll have to replace every network
tool (i.e. telnet/telnetd, rdump, ftp/ftpd, rsh, etc., etc.) in my OS
with free (since our dept is out of $$$), and therefore generic,
kerberized programs.
Kerberos is obviously a *really big* step up from s/key, logdaemon,
and a TCP wrapper. I'm thinking it may be too expensive (in $$$ or
time) to justify installing. I forsee Kerberos forcing me to make the
tough choice between authentication and functionality.
Is this a correct picture?
If I am not willing to shell out plenty o' dough to some US-based
(sorry, no slander intended... I'm Canadian) security company, is
Kerberos at all practical?
Brian> Brian Mancuso brianm@cs.bu.edu
What advantages can Kerberos offer me... is proof of identity and data
integrity across hostile networks the only benefit?
How big and hostile does my network have to be, how tolerant do my
users have to be, and how paranoid do I have to be to want Kerberos?
(Is there a simple order-of-magnitude answer for this question?)
Any responses/followups would be appreciated, especially from those
who use Kerberos in a semi-open University environment (and I don't
mean the Athena Project). :)
--Gord.
--
Gordon Matzigkeit | J: Nap besusson. Tundokoljon a te varad!
gord@enci.ucalgary.ca | B: Nem tundokol az en varam.
