[5467] in Kerberos
Re: Kerberos V and DCE
daemon@ATHENA.MIT.EDU (Doug Engert)
Thu Jul 6 12:48:27 1995
Date: Thu, 06 Jul 95 11:28:40 CDT
From: "Doug Engert" <DEEngert@anl.gov>
To: <KERBEROS@MIT.EDU>
Cc: <DCROCKER@BRANDENBURG.COM>
Dave Crocker <dcrocker@brandenburg.com> wrote:
>MIT Kerberos & DCE Kerberos are different protocols, in spite of
>their similarities. They don't interwork.
I beg to differ on that. We are actively working on a ESnet
Authentication project where we are using DCE security servers,
with the Kerberos 5 beta 5 clients. We are using the Kerberos 5
beta 5 clients, and daemons, rlogin, and telnet. We can also
cross cell authenticate, and forward credentials. I have built
Kerberos 5 beta 5 on SunOS, Solaris, AIX and Linux and use the
Transarc 1.0.3a DCE Security server.
There are problems. There is one fix required in the Kerberos 5
beta 5 libs, and you need to use the HP 1.0.3 DCE server or the
Transarc 1.0.3a server with the "flags" fix if you want to
forward credentials.
I would also like to point out that "single signon" with Kerberos
interoperablity was the top vote getter in the OSF DCE Security
Sig requirements. (OSF RFC 8.1)
Douglas E. Engert
Systems Programming
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
Internet: DEEngert@anl.gov
