[815] in Kerberos
kerberos application to OSI
daemon@ATHENA.MIT.EDU (Michael M. Salzman)
Fri Dec 8 07:13:49 1989
From: sytek!salzman@HPLABS.HP.COM (Michael M. Salzman)
To: kerberos@ATHENA.MIT.EDU
This is a two pronged question, prompted by recent user questions on
the net.
Are efforts underway at Athena to integrate Kerberos mechanisms with
OSI protocol services? Is this desirable? Is it feasible?
The second aspect relates to the notion of a user space or environment
which is both authenticated and available network wide. It would seem
useful to incorporate the authentication features of Kerberos within
a service such as X.500, so that users in one domain could access
services in another domain, without prior arrangement. Similarly, a user
could travel to another location and have his environment available
to him including authentication information.
I suspect that such activities would require another layer of
authentication between cooperating Directory Service Agents, since
they would have to trust the information provided by the remote
DSAs. Such a trust establishment mechanism could also use Kerberos,
and would be administered by a higher level authority which would
manage the inter DSA authentication.
I think that a marriage of kerberos and distributed directory/environment
services would be well received in the corporate world, and would
solve a real problem.
Mike Salzman
