[4951] in Kerberos

home help back first fref pref prev next nref lref last post

Re: MIT Kerberos vs DCE-Kerberos

daemon@ATHENA.MIT.EDU (Dave Crocker)
Sun Apr 9 01:22:10 1995

Date: Sat, 8 Apr 1995 21:20:08 -0700
To: mikef@ack.berkeley.edu (Mike Friedman)
From: Dave Crocker <dcrocker@networking.stanford.edu>
Cc: kerberos@MIT.EDU

Round this mullberry bush again:  By way of a small elaboration or
compaction of the previous response...:

DCE Kerberos really is different from MIT Kerberos.  It offers an
additional function (authorization) and it runs over a different stack (DCE
RPC, rather than "raw" TCP.)  It does not "interoperate" with MIT Kerberos.
They are not compatible.

HOwever, DCE Kerberos KDCs can do both DCE Kerberos and MIT Kerberos.  This
is simple, "dual stack" operation.

If you need to support DCE apps, you need a DCE KDC.  If you don't, an MIT
Kerberos KDC ought to be just fine.

d/

--------------------
Dave Crocker
Brandenburg Consulting                                  +1 408 246 8253
675 Spruce Dr.                                    fax:  +1 408 249 6205
Sunnyvale, CA  94086                   dcrocker@networking.stanford.edu



home help back first fref pref prev next nref lref last post