[7132] in Kerberos
Re: Dial-In Servers and Kerberos
daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Apr 19 16:19:40 1996
To: nhenry@netcom.com (Neil R. Henry)
Cc: kerberos@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 19 Apr 1996 16:06:05 -0400
In-Reply-To: nhenry@netcom.com's message of Thu, 18 Apr 1996 09:50:02 GMT
>>>>> "Neil" == Neil R Henry <nhenry@netcom.com> writes:
Neil> This 3Com server (AccessBuilder?) also supports CHAP over
Neil> the async link. This limits your exposure further, yes ?
Certainly, CHAP is more secure than nothing, and I don't know
of any problems with it. However, I can't think of a good way to
link it to Kerberos off the top of my head. This doesn't mean you
can't use CHAP instead of Kerberos.
Also, I'm not convinced the 3Com product actually supports
Kerberos (RFC 1510 or Kerberos4). Every description has mentioned DCE
specifically. This might suggest it uses the DCE RPC for
authentication instead of the Kerberos interface to the DCE security
server.
