[6825] in Kerberos
Re: Using DCE secd as a Kerberos 5 KDC (fwd)
daemon@ATHENA.MIT.EDU (Jonathan Chinitz)
Wed Mar 6 00:09:55 1996
Date: Tue, 5 Mar 1996 23:56:52 -0400
To: lemson@uiuc.edu
From: jec@isoft.com (Jonathan Chinitz)
Cc: kerberos@MIT.EDU
>Along these lines, I am very interested in the ability to use a MIT V5
>KDC as a secd. Rich Salz alluded to this possibility in his talk on
>new OSF DCE features at DECORUM last week. Can anyone confirm that
>we'll be able to use our existing KDC (with those 90,000 passwords
>that 90,000 people already know) with a DCE cell (in 1.2.1, according
>to Rich)? Perhaps we'll have to upgrade to a later beta release of
>V5 KDC?
>
I think you mis-interpreted Rich's talk: You can use a DCE secd as your
Kerberos KDC, not the other way around. The DCE secd has a special thread
that listens for udp/88 rewquests, while the rest of the DCE clients talk
RPC to the secd on transient ports.
As I indicated in a seperate note, the Betas that I believe are currently
workable in this scenario are Beta 3, 5 & 6.
And, yes, you will be able to load 90K accounts (principals) into the DCE secd.
-Jonathan
Jonathan Chinitz
IntelliSoft Corp.
Offices in Acton MA, Baltimore MD
Voice: (508) 635-9070 Fax: (508) 635-9210
URL: http://www.isoft.com
