[943] in Kerberos
2 questions: System V Kerb? root privilege necessary?
daemon@ATHENA.MIT.EDU (Kass)
Fri May 11 17:31:18 1990
Date: 10 May 90 14:04:11 GMT
From: sgk@MBUNIX.MITRE.ORG (Kass)
To: kerberos@ATHENA.MIT.EDU
I'm interested in installing Kerberos on an AT&T System V machine
so it can talk to some SUNs with trust. The System V machine is
the AT&T 3B2 600 running System V/MLS, which was given a B1 TCSEC
(Orange Book) rating this fall. The system administrator is trying to
run it securely and so is being very tight about giving out root
password and is unwilling to install "foreign" software with root
privilege.
It doesn't seem to me to be absolutely necessary for Kerberos to be
installed with root privilege, is that correct? (I think you could
get the necesssary protection by a Kerberos "category", something
like: level=Unclassified, category=Kerberos) If this sounds good so
far, what does it take to seperate out the root privilege?
Has Kerberos ever been developed for a System V UNIX? The source I
ftp'd from athena is obviously chuck full of socket routines. I assume
that I could probably just create an envelope for such routines
to convert them to appropriate TLI commands. (?)
I would be very interested in discussing these issues with
anyone who has thought about this before or who has the time/interest.
Thanks in advance!
Sharon Kass
sgk@mbunix.mitre.org
617-271-2178
