[4456] in Kerberos
Re: "Kerberos" at Usenix (WAS Re: GNU tape making at Winter USENIX?)
daemon@ATHENA.MIT.EDU (Henry Spencer)
Mon Jan 9 10:47:31 1995
To: kerberos@MIT.EDU
Date: Mon, 9 Jan 1995 15:09:46 GMT
From: henry@zoo.toronto.edu (Henry Spencer)
In article <3ennv1$dta@news.cloud9.net> tls@cloud9.net (Thor Lancelot Simon) writes:
>Perhaps this would be a good time to suggest that enough planning be applied to
>the Kerberos installation this time around to avoid the complete lack of
>security -- and, worse, evident promise of security which proved to be
>completely ficticious -- which was delivered by the "Kerberos installation
>and support" at last summer's Usenix.
Do I hear you volunteering to help?
The Terminal Room crew would like nothing better than to "do it right".
There is, however, a small problem of manpower, especially given the
unfortunate realities of very short setup time, limited opportunity for
advance preparation (we're trying a new tack on some things this time,
which may help... we'll see), and a shortage of expert Kerberoids. The
best way to make sure that the situation improves is to contribute some of
the effort required.
(Hmm, one small disclaimer: this is not a promise to accept offers of
help from all and sundry. When it comes to security issues, it's necessary
to be a little careful about who gets to help, even if it means rejecting
well-meaning folks just because nobody can vouch for them.)
>...A far more secure
>Kerberos installation should be planned and executed, or the entire
>fancy-buzzword-promise should be scrapped.
If we can't make it work, within the limits of available manpower and
resources, it will have to be scrapped. See above for hints on how that
could be avoided.
>One would think that the Usenix board, of all possible groups of people, would
>understand that false security is much, much worse than no security at all.
The board has larger issues to worry about, and isn't involved much in the
details of planning for the Terminal Room.
>>Xterminals will be provided by Tektronix.
>
>The Right Thing to do, of course, would be to get the X terminal vendor to
>supply versions of kinit and various Kerberized binaries like telnet linked
>against their run-time library...
The first priority has to be getting them to supply terminals. :-) There's
a limit to how much we can ask for, especially the first time with a new
vendor.
--
There is more to life than getting a job | Henry Spencer
and making a living. --Barbara Morgan | henry@zoo.toronto.edu
