[4909] in Kerberos
Re: MIT Kerberos vs DCE-Kerberos
daemon@ATHENA.MIT.EDU (Mike Friedman)
Sat Apr 1 19:33:05 1995
To: kerberos@MIT.EDU
Date: 1 Apr 1995 23:40:46 GMT
From: mikef@ack.berkeley.edu (Mike Friedman)
Jon Mauney (mauney@tophat) wrote:
: mikef@ack.berkeley.edu (Mike Friedman) writes:
: >o With respect to my first item above, is anyone working on resolving the
: > technical incompatibilities between MIT K5 and DCE-Kerberos, so that,
: > for example, one could run MIT K5 servers and authenticate DCE-based
: > clients (as well as MIT K5 and K4 kerberized clients)?
: You'll have to do it the other way around: DCE security providing
: support for MIT k5 clients. DCE v1.1 supports the GSSAPI
: (Generic Security Service Application Program Interface )
So, I guess this means that if our campus acquires the aforementioned large
application, we must move to DCE. But we also need to run K4, because of
the other application I mentioned (which is based on Cornell's Mandarin
system and is currently K4-based). I'd like to avoid having to run DCE
*and* K4. If MIT K5 could authenticate DCE-based applications, then,
since K5 also can issue K4 tickets, one Kerberos could do the job. That's
why I asked the question the way I did. (I'm assuming that DCE security
can't support K4 clients; is this correct?).
I've seen your DCE FAQ, which is useful. Do you have any pointers to other
online introductory DCE material?
Thanks.
------------------------------------------------------------------------
Mike Friedman mikef@ack.Berkeley.EDU
Data Communication & Network Services +1-510-642-1410
University of California at Berkeley http://www.Berkeley.EDU/~mikef
------------------------------------------------------------------------