[6878] in Kerberos
Re: Using Kerberos with a PC client
daemon@ATHENA.MIT.EDU (Howard Chu)
Wed Mar 13 16:10:39 1996
To: kerberos@MIT.EDU
Date: 13 Mar 1996 12:36:11 -0800
From: hyc@troy.la.locus.com (Howard Chu)
In article <2.2.32.19960306190107.006bd2c0@indy>,
Brian Schimpf <schimpf@gradient.com> wrote:
%At 09:50 AM 3/6/96 -0600, you wrote:
%>I have some questions about Kerberos and didn't know where to go, so I found
%>this address and thought I'd give it a try.
%>I'm new at Internet security, and in some research I came across Kerberos.
%>In my readings it seems that Kerberos is for use strictly between more
%>advanced platforms such as UNIX. I am searching for a secure, software
%>handled, authentication process such as Kerberos for authenticating remote
%>PC users who telnet into our systems (AIX and LINUX). I can't find anywhere
%>that Kerberos supports a PC as the client.
% Kerberos is not limited to UNIX although it was first done on UNIX.
%There are Kerberos implementations available for Windows PCs.
%>Is it possible? If not is there
%>anything available that works similarly (I know about the comercially
%>available, and very expensive programs, but cost is an issue).
% I'm not sure what exactly you mean by "commercially available and
%expensive." If you are looking for a freeware implementation of Kerberos
%for Windows you probably won't find it. Someone would have had to port the
%Kerberos distribution to Windows and so they probably aren't interested in
%giving it away. If you really can't buy the software you could conceivably
%get the MIT distribution of Kerberos and port it to the PC yourself, but I
%can't see how that would be "cheaper" than buying the product from someone
%who's already done that and will support it. (Keep in mind that I work for
%a company that provides a commercial version of a standard middleware
%product, in my case DCE, so I have a bias.)
In fact, the Kerberos code as distributed by MIT already has rudimentary
support for Windows included, with some sample apps as well. It's not the
slickest thing in the universe, but it works, so the hard part is already
done. And just to underscore the point, we've built a polished Kerberos
library here at Locus, that we *are* giving away. This is a single DLL with
accompanying Configuration/Ticket Manager app, that integrates both Kerberos 4
and Kerberos 5 client libraries, and also operates correctly with AFS and
DCE authentication servers. The package is bundled into our PC-Interface 6.1
product, which by the way is also the only lightweight file service package
on the market to provide secure Kerberos authentication to Unix, AFS, and
DFS services. (Yah, I work for Locus and I wrote the Kerberos support, so
you could say I have a bias too...) See http://www.locus.com/products for
more information. Currently Kerberos is only integrated into the Win 3.1
client, although the DLL and Manager app work fine on Win '95.
--
Howard Chu Principal Member of Technical Staff
hyc@locus.com PLATINUM technology, Locus Laboratory
