[7731] in Kerberos
Re: XGSS
daemon@ATHENA.MIT.EDU (Brian Schimpf)
Tue Aug 6 10:12:51 1996
Date: Tue, 06 Aug 1996 09:59:38 -0400
To: Sam Hartman <hartmans@MIT.EDU>
From: Brian Schimpf <schimpf@gradient.com>
Cc: alexa@tcsi.com (Alexander Aizman), kerberos@MIT.EDU
At 04:12 PM 8/5/96 -0400, Sam Hartman wrote:
>>>>>> "Alexander" == Alexander Aizman <alexa@tcsi.com> writes:
>
> Alexander> Hello, I'm thinking of CORBA security spec. and intend
> Alexander> to use Kerberos V5. Mainly because of its GSS-API
> Alexander> (which provides security services in a generic
> Alexander> fashion). The problem is that neither GSS nor Kerberos
> Alexander> allow to support access control and audit. Anybody
> Alexander> knows what is the status of XGSS vs. Kerberos?
>
>
> I think it is a bit of a stretch to say that Kerberos doesn't
>support access control or auditing. It certainly doesn't support
>these in a central fashion, but it does provide sufficient mechanisms
>for interested applications to have auditing and access control
>facilities.
This may simply be a difference in semantics. I would say that
Kerberos clearly "supports" features like authorization (access control) and
auditing by providing strong and reliable authentication, since you need
strong authentication for those capabilities to be useful and reliable. On
the other hand, Kerberos does not define or implement such capabilities so
the definition and implementation is up to the user. So Kerberos supports
such features but does not provide them itself. Is that a fair statement?
Thanks,
Brian
===================================================================
Brian C. Schimpf email: schimpf@gradient.com
Gradient Technologies, Inc. Voice: (508) 624-9600 x214
2 Mt. Royal Avenue FAX: (508) 229-0338
Marlboro, MA 01752 http://www.gradient.com/