[7096] in Kerberos
Kerberos V5 and DCE (fwd)
daemon@ATHENA.MIT.EDU (David Lemson)
Tue Apr 16 00:40:55 1996
To: kerberos@MIT.EDU
Date: Mon, 15 Apr 1996 23:26:33 -0500 (CDT)
From: lemson@uiuc.edu (David Lemson)
Reply-To: lemson@uiuc.edu
----- Forwarded message from Joe Traister -----
We are currently investigating the use of Kerberos v5 for login
validation, but expect to eventually use DCE on a group of AIX 4.1.4
machines. I have two questions regarding this: 1) Is a kerberized
login available, or will we need to create it? 2) Will the Kerberos
principle database/srvtab/etc. be migratable to DCE?
Any help with this would be most appreciated.
----- End of forwarded message from Joe Traister -----
I haven't heard that anyone has actually done it, but all signs
point to the V5 principal database being easily migratable to a DCE
database, since the passwords have the same format. srvtab's will
probably need to be recreated (this is quite easy with DCE), but this
is a much smaller job than changing principal passwords unless you have
more machines than users. Be careful that you have all V5 clients,
because if you have V4 clients creating passwords, those passwords
won't be easily migratable to the current DCE security server.
When you say kerberized login, I presume you mean a kerberized
rlogind and rlogin client -- this should be supported as noted on this
list with DCE 1.2.1/2. OSF has not promised V5 compatible ftp or telnet
clients. (for instance, the MIT V5 distribution comes with a
workable kerberized telnet and telnetd -- this may not be supported
with DCE, although I think any V5 clients should work with DCE 1.2's
security server)
--
David Lemson
University of Illinois Computing and Communications Services Office
lemson@uiuc.edu (217) 244-8833
