[5968] in Kerberos
Re: innd/nnrpd w/kerberos?
daemon@ATHENA.MIT.EDU (James_Mathiesen)
Fri Oct 6 17:04:24 1995
To: kerberos@MIT.EDU
Date: 6 Oct 1995 16:12:41 -0400
From: james@ets.cis.brown.edu (James_Mathiesen)
In article <450lo2$ndu@jik.datasrv.co.il>,
Jonathan Kamens <jik@jik.datasrv.co.il> wrote:
>Even if you must go with Kerberos V4, because you've already got it installed
>at your site or perhaps because there are already V4 libraries available for
>the Mac and the PC and you need to get this set up *now*, I think you'd be
>better off adding Kerberos V4 support to NNTP using AUTHINFO GENERIC than
>using Discuss. At least then, you'll be using standardized software and
>you'll have an easy upgrade path when Kerberos V5 libraries are released for
>the Mac and PC and/or when more NNTP clients start supporting AUTHINFO
>GENERIC.
Brown University has already created an AUTHINFO GENERIC implementation
for Kerberos V4. We also have an authorization service called grouper
which lets you dynamically administer newsgroup access based on authenticated
identity.
We have:
- Server mods to INN 1.4
- grouper server (arbitrary set arithmetic on users)
- generic-krbv4.c (unix client side authinfo generic)
- patches to tin 1.22 & trn 3.6 for authinfo generic support
- Optional support for cleartext proxy kerberos authentication
with authinfo username/authinfo pass
All the above is available from ftp://ftp.brown.edu/netnews/inn-1.4-patches
(all this stuff is by me, so feel free to ask questions)
In addition Peter DiCamillo (cmsmaint@brownvm.brown.edu) implemented a
"generic authentication tool interface" in NewsWatcher and created
a Kerberos V4 Newswatcher plugin extension. This is architected similarly
to the NCSA Telnet authentication plugins. I'm not sure if Norstad
has integrated this into his release yet.
James Mathiesen
Sr. Systems Programmer
Brown University
