[4909] in Kerberos

home help back first fref pref prev next nref lref last post

Re: MIT Kerberos vs DCE-Kerberos

daemon@ATHENA.MIT.EDU (Mike Friedman)
Sat Apr 1 19:33:05 1995

To: kerberos@MIT.EDU
Date: 1 Apr 1995 23:40:46 GMT
From: mikef@ack.berkeley.edu (Mike Friedman)

Jon Mauney (mauney@tophat) wrote:
: mikef@ack.berkeley.edu (Mike Friedman) writes:

: >o  With respect to my first item above, is anyone working on resolving the
: >   technical incompatibilities between MIT K5 and DCE-Kerberos, so that,
: >   for example, one could run MIT K5 servers and authenticate DCE-based 
: >   clients (as well as MIT K5 and K4 kerberized clients)?

: You'll have to do it the other way around: DCE security providing
: support for MIT k5 clients.  DCE v1.1 supports the GSSAPI
: (Generic Security Service Application Program Interface )

So, I guess this means that if our campus acquires the aforementioned large 
application, we must move to DCE.  But we also need to run K4, because of
the other application I mentioned (which is based on Cornell's Mandarin
system and is currently K4-based).  I'd like to avoid having to run DCE
*and* K4.  If MIT K5 could authenticate DCE-based applications, then,
since K5 also can issue K4 tickets, one Kerberos could do the job.  That's
why I asked the question the way I did.  (I'm assuming that DCE security
can't support K4 clients;  is this correct?).

I've seen your DCE FAQ, which is useful.  Do you have any pointers to other
online introductory DCE material?

Thanks.

------------------------------------------------------------------------
Mike Friedman                             mikef@ack.Berkeley.EDU
Data Communication & Network Services     +1-510-642-1410
University of California at Berkeley      http://www.Berkeley.EDU/~mikef
------------------------------------------------------------------------

home help back first fref pref prev next nref lref last post