[7117] in Kerberos
Re: Dial-In Servers and Kerberos
daemon@ATHENA.MIT.EDU (Darren Reed)
Thu Apr 18 02:19:32 1996
Date: Thu, 18 Apr 1996 15:45:27 +1000
From: darrenr@nabaus.com.au (Darren Reed)
To: herwin@osf1.gmu.edu
Cc: kerberos@MIT.EDU
> From herwin@osf1.gmu.edu Thu Apr 18 06:31 EST 1996
> On Wed, 17 Apr 1996, Darren Reed wrote:
>
> > In some mail I received from Sam Hartman, sie wrote
> > >
> > > So, the answer is somewhat complicated. If you are looking at
> > > terminal servers that can work in a Kerberos environment, the answer
> > > is that yes, several exist. If you look to find terminal servers that
> > > meet the Kerberos security model, I am not aware of any.
> >
> > It is, however, relatively easy to do kerberos over the a tty dialin, all
> > you need to do is work out how your dialin `thing' is going to send
> > Kerberos `packets' to your KDC.
> >
>
> I know unencrypted dial-up access to a kerberized system means I'm already
> damned. So it goes. Unfortunately, I've been given OpenVision Kerberos 5
> running on a SPARC 5 and a second SPARC 5 running Solaris 2.4/5 and a 3Com
> Access Control Server, and told to work it out. The 3Com stuff works with
> OSF DCE and needs an HP server to do that.
The key here is simple: just treat the dialin line as just another part of
your ethernet - ie you only send encrypted stuff over it - and not treat it
like a console. I don't know if there are any COTS products which do this
yet, but it is doable if you're willing to write some code yourself.
darren
