[4925] in Kerberos
The cost (monetary) of Kerberos (was Re: What's with the kpasswd port # confusion?)
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Tue Apr 4 11:52:44 1995
To: kerberos@MIT.EDU
Date: 4 Apr 1995 15:27:25 GMT
From: jik@cam.ov.com (Jonathan I. Kamens)
In article <3lr4st$gsh@m1.cs.man.ac.uk>, julian@cs.man.ac.uk (Julian King) writes:
|> You are all talking about Kerberos for FreeBSD. My understanding was that
|> Kerberos cost money, and FreeBSD was free.
MIT distributes both Kerberos V4 and Kerberos V5 source code for free. Cygnus
distributes their own Kerberos V4 release for free, and is also planning on
distributing a Kerberos V5 release for free at some point (Cygnus makes its
money from selling support, so they'll try to get you to buy support from
thenm if you use their Kerberos products, but they'll still give you the
source code to those products for free). Other organizations, e.g., Sandia
National Labs, distribute their own versions of Kerberos for free. My
impression is that all of the free Kerberos implementations are based on MIT's
distribution.
In addition to these free distributions, there are a number of vendors selling
commercial Kerberos products. They include OpenVision (mentioned first only
because I work there :-), CyberSAFE (formerly OCSG), DEC (as part of their
DECathena environment), and TGV. Then, of course, there's companies that sell
OSF DCE, which includes Kerberos, but you can't really separate out the
Kerberos component of DCE and use just it, so that's not very useful to you
unless you want to buy all of DCE.
The primary advantage of using a free Kerberos distribution is, well, that
it's free. The primary advantages of using a commercial Kerberos product are
that the company that sells it to you presumably commits to support it and
that the commercial products often contain significant added value.
If you *do* decide to set up a Kerberos environment from scratch, you're much
better off starting with Kerberos V5 than Kerberos V4, which is obsolete. If
you decide to start with the current MIT Kerberos V5 distribution, you should
know that the number of bugs in it is unfortunately not insignificant; on the
other hand, many of those bugs will be fixed in the next MIT release (although
there's no telling for sure when that will be).
(Followups set to comp.protocols.kerberos.)
--
Jonathan Kamens | OpenVision Technologies, Inc. | jik@cam.ov.com