[4876] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Basic kerberos/terminal server questions

daemon@ATHENA.MIT.EDU (Ken D'Aquin)
Mon Mar 27 23:19:29 1995

To: kerberos@MIT.EDU
Date: 28 Mar 1995 03:03:08 GMT
From: kgd@uno.edu (Ken D'Aquin)
Reply-To: kgd@uno.edu

In article <3khhte$t1s@mudraker.mtholyoke.edu>, mcrowley@mtholyoke.edu (Michael A. Crowley) writes:
>I would like to authenticate users connecting to a terminal
>server.  (I have Decserver 700s, but if others such as Xyplex
>offer advantages, it would be good to hear about that also.)
>We would like to provide slip/ppp services on the dial-in 
>terminal servers, but authentication is needed to do this.

We are using DECserver 700s for our modem pool.  We use Kerberos to
authenticate users when they start a ppp connection.  Version 1.5 of the DSNACS
software for the server will allow you to do PAP based Kerberos authentication
when ppp is invoked.  You can also set it up to authenticate before giving a
Local> prompt.  The Xyplex servers are nice, but the DECserver 700s are the
best buy when purchased from Midwest Systems.

>
>I'm not concerned that users might have to re-enter login name
>and passwd if they were connecting to LAT services, but I would
>like there to be a single username/passwd database.  I've 
>just begun to experiment with kerberos for the DS700 authentication
>and it seems that the kerberos database remains quite separate
>from the passwd database or hesiod distributed database.

A single database is not entirely possible.  The Kerberos philosophy is that
the passwd password should rarely be needed, since Kerberized utilities should
be used to replace telnet, ftp, etc...  One glaring deficiency of the DECserver
software is a kerberized telnet.  This would have eliminated double
authentication.

>
>In general, how do people solve the authentication of users
>dialing into terminal servers?  Is there some aspect to kerberos
>that its obvious that I've missed concerning this topic?
>
>Any help or pointers to manuals/documentation would be appreciated.

Xylogics has some Annex terminal servers that use an authentication scheme
that resembles Kerberos.  I've heard good things about them from someone who
should know.  I believe thier web site is www.xylogics.com.

>
>Mike
>-------------------------------------------------------
>mcrowley@mtholyoke.edu 
>Network and Technical Services
>Mount Holyoke College, South Hadley, MA   01075
>413-538-2140      
>
---
Ken D'Aquin   (kgd@uno.edu)          |     The opinions expressed above are my
University Computing Center          |     own.  They do not reflect the views
University of New Orleans            |     of the University of New Orleans.

home help back first fref pref prev next nref lref last post