[4493] in Kerberos
Kerberos newbie: authenticating PROCESSES and Solaris2.3 Kerberos
daemon@ATHENA.MIT.EDU (David Karr)
Tue Jan 17 19:02:49 1995
To: kerberos@MIT.EDU
Date: 17 Jan 1995 16:53:02 GMT
From: dkarr@nmo.gtegsc.com (David Karr)
This is the first time I've explored Kerberos, so I don't know as much
as I'd like to (or need to).

I have a situation with one or more unix processes that can connect to
a process on a Tandem system (Guardian OS), through a communications
link. There is some desire to implement some sort of security and/or
authorization on the connection to the Tandem system. Currently the
brain-dead protocol just sends a name from Unix to Tandem that is
supposed to be a Tandem user name. If it does not exist, it rejects
the connection.

It is becoming apparent that this security is not only not secure, it
is meaningless. The way the connection is attempted, it is executed
by a background pseudo-server, on behalf of a long chain of events
that was initially started by a person-role who probably doesn't even
know what a "Tandem" is. Even with that, we don't have a data path
that can even communicate the user name that initiated the operation
that will cause the connection to be attempted. That path can be
implemented, but I'm not sure it makes any sense yet.

What are good ways to implement some kind of authorization of
connections like this? Does Kerberos make any sense in this kind of
situation?

--
============================================================================
David M. Karr | Unix/X/C++/Emacs | GTE - Government Systems
dkarr@nmo.gtegsc.com | Software Engineer | w:(206)487-8578 h:(206)483-1732
dkarr@eskimo.com | |