[5961] in Kerberos
Re: innd/nnrpd w/kerberos?
daemon@ATHENA.MIT.EDU (Jonathan Kamens)
Thu Oct 5 15:47:02 1995
To: kerberos@MIT.EDU
Date: 5 Oct 1995 13:14:42 GMT
From: jik@jik.datasrv.co.il (Jonathan Kamens)

In article <199510032141.RAA07808@toxicwaste.media.mit.edu>, warlord@MIT.EDU (Derek Atkins) writes:
|> The MIT SIPB created a package called discuss which is based upon
|> Multics Forum. Discuss is a Kerberos-authenticated service that does
|> most of what you want. You set up discuss meetings and can set the
|> acl for each meeting to control who can attend the meeting, who can
|> read the meeting transactions, who can enter or reply to transactions,
|> etc.
|>
|> The discuss server runs under UNIX, and there are UNIX clients and a
|> Mac Client; I believe a Windows client is underway.
|>
|> You can get discuss via ftp://athena-dist.mit.edu/pub/ATHENA/discuss/

In my opinion, Discuss is a dead end. It's used at very few places besides
MIT, it's not standardized (is there an RFC documenting the Discuss
protocol?), there's only one server implementation (which isn't very good,
although it has improved over the years), there are far fewer clients for it
than for NNTP, and the server and clients are far less functional than
available NNTP servers and clients.

The only advantage that Discuss has over NNTP is that Discuss already has
Kerberos support, but even that isn't much of an advantage because it only
supports Kerberos V4, not Kerberos V5, and IMHO anyone who is installing new
software at this point that requires V4 is doing something wrong.

I think that a far more productive thing to do would be to spend a little bit
of time using the new NNTP AUTHINFO GENERIC stuff that Chris Lewis
(clewis@bnr.ca) has been working on to add Kerberos V5 authentication (well,
even better, GSS-API authentication using the Kerberos V5 GSS-API mechanism)
to innd and to NNTP clients on various platforms. Since MIT is working on Mac
and PC Kerberos V5 library releases, this shouldn't be that impossible.

Even if you must go with Kerberos V4, because you've already got it installed
at your site or perhaps because there are already V4 libraries available for
the Mac and the PC and you need to get this set up *now*, I think you'd be
better off adding Kerberos V4 support to NNTP using AUTHINFO GENERIC than
using Discuss. At least then, you'll be using standardized software and
you'll have an easy upgrade path when Kerberos V5 libraries are released for
the Mac and PC and/or when more NNTP clients start supporting AUTHINFO
GENERIC.