[2211] in Kerberos_V5_Development
Re: Kerberos for NT
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Fri Feb 7 16:04:36 1997
Date: Fri, 7 Feb 1997 16:03:52 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: "john.li" <john.li@hq.doe.gov>
Cc: krbdev@MIT.EDU
In-Reply-To: john.li's message of Fri, 7 Feb 1997 10:52:00 -0500,
<M5989264.001.8pdk0.1.970207155119Z.CC-MAIL*/O=HQ/PRMD=USDOE/ADMD=ATTMAIL/C=US/@MHS>
Date: Fri, 7 Feb 1997 10:52:00 -0500
From: "john.li" <john.li@hq.doe.gov>
Is the Kerberos for NT available and if so; do you guys know
where I may obtain a copy of server and client?
There is a ALPHA snapshot for Kerberos for NT available. Development is
proceeding in real-time even as we speak, and there should be a much
better snapshot available soon.
For what application do you want a "server" and a "client"? If you mean
the Kerberos server itself, we currently have no plans at this point to
port the Kerberos KDC to an NT box. Given the NT's predilection for
passing the Administrator password over the network in the clear, and
(as far as I know) no way to turn off its (insecure) remote
administration, and given NT's lack of a good way to securely login to a
box to do remote administration, I can't really imagine why anyone sane
would want to run any kind of application server (let alone a
security-critical application like the KDC) on an NT box.
Most of our efforts have therefore been focuse on making the Kerberos V5
client software work well on an NT workstation. Libraries for allowing
an application server to be written under NT will be available, but
lightly tested, and we certainly have no plans to deploy any
application servers using NT boxes at MIT.
We will accept patches from people who really want to use NT boxes as
servers, but it's not a priority for us.
- Ted
