[125] in Zephyr Mailing List
Re: dredging InterRealm Zephyr back out of the swamp...
daemon@ATHENA.MIT.EDU (John Gardiner Myers)
Fri Jun 3 10:37:50 1994
Date: Fri, 3 Jun 1994 10:29:56 -0400 (EDT)
From: John Gardiner Myers <jgm+@CMU.EDU>
To: zephyr@MIT.EDU
In-Reply-To: <ghvfalsGgE47BCYT5Z@mit.edu>
Bill Cattey <wdc@MIT.EDU> writes:
> Excuse me, but the Kerberos host is expected to be physically secure,
> and to engage only in cryptographically secure conversations.
Ditto for the Zephyr server, once you fix all the security holes in
it.
> If you allow any random to bring up a Kerberos server, then your
> criticsm would be valid.
Of course we allow any random to bring up a Kerberos server. Who's
going to stop them?
In fact, the last random who brought up a Kerberos server here got
hired by the department.
With both services, each realm decides which other realms they are
willing to do transitive authentication realms and trusts those other
realms only so far as to authenticate the other realm's own users.
> But as the deployment environments for Zephyr and Kerberos are so
> radically different, your criticism is specious.
What's so radically different about their deployment environments?
--
_.John G. Myers Internet: jgm+@CMU.EDU
LoseNet: ...!seismo!ihnp4!wiscvm.wisc.edu!give!up
