[6393] in Kerberos
Re: information request
daemon@ATHENA.MIT.EDU (Tony Baxter)
Thu Dec 21 16:40:09 1995
To: kerberos@MIT.EDU
Date: Thu, 21 Dec 1995 12:37:15 GMT
From: Tony.Baxter@bris.ac.uk (Tony Baxter)
In article <16761.199512201245@lenzie.cent.gla.ac.uk>,
colin@udcf.gla.ac.uk (Colin Cooper) wrote:
>hello
>
>we would very much like to set up a machine here to act as
>a "remote login" front end for our campus. ie you must login via it.
>and one of teh ideas we had was to use kerberos to provide us with
>a secure login environment on that machine, which was differnet form
>teh rest of teh campus login systems.
I wonder what you are hoping to buy with this setup. Kerberos has one feature,
and that is to provide authentication to a server machine without having a
clear-text password pass across the [possibly-snooped] network. Assuming that
you're using something like a PC to access the network, you don't have to try
to store confidential encryption keys on the PC (which doesn't have any secure
storage to keep out villains).
As soon as you take the Kerberos user software away from the workstation that
the user is working on, you will be faced with the password-over-the-net
problem.
>we do not wish to get involved in any legal problems so we were wondering
>about ebones, but we need to compile and run under solaris, can you
>please tell us if thsi has been doen and where we may get the code
>from without falling fowl of any laws.
My impression (I'm not a lawyer) is that what is illegal [under USA law] is
the export of encryption code from the USA. As far as I am aware, possession
of the code is not an offence under UK law. [if it is, a number of people are
in the s**t]. I believe that there is no issue about the legal position of
ebones: the non-encryption bones were exported, and encryption installed
outside the USA by a non-USA-citizen. It is version 4 Kerberos. Version 5 is
also mounted on FTP servers outside the USA.
>most people only seem to have code for sunos, that i have spoken too
>
This I can't comment on.
>thanks
>
>colin
>
Tony RFC822: Tony.Baxter@bristol.ac.uk
X.400: G=Tony;S=Baxter;O=bristol;P=UK.AC;C=GB
Comms bod, general dogsbody Phone: +44(0) 117 928 7850
Bristol Univ Computing Service, Switchboard: +44(0) 117 928 9000 ext 7850
Tyndall Ave, Bristol, BS8 1UD. UK. Fax: +44(0) 117 929 1576
