tek@CS.UCLA.EDU (11/23/88)
Fix 2 highlights a small facet of the larger problem of authentication in a distributed environment. Many X servers only use the host list restriction as their only access control mechanism. However, I have heard that MIT Project Athena uses a much more sophisticated system to regulate access. Where can we get more information about these tools? Are these tools available to others now? or in the future? How much surgery is necesary to adapt the X server (or similar programs) to use such tools? &ted ARPAnet: tek@penzance.cs.ucla.edu UUCP: ...!ucbvax!ucla-cs!tek
rws@EXPO.LCS.MIT.EDU (Bob Scheifler) (11/23/88)
However, I have
heard that MIT Project Athena uses a much more sophisticated system to
regulate access.
Project Athena has a system called Kerberos, which they use for general
access control in their Unix environment, but it isn't hooked into X yet.
Where can we get more information about these tools?
Hopefully someone from Athena will post pointers for Kerberos.
How much surgery is necesary to adapt the X server (or similar programs)
to use such tools?
We (at the X Consortium) are in the process of installing mechanisms
into xdm, Xlib, and our servers to support better authorization mechanisms,
and we're developing a first instance of an authorization protocol to plug
into that framework. It isn't that hard, we expect to have it pretty much
complete in the next few weeks. We'll be distributing it within the X
Consortium first for feedback, and we'll post public patches when it seems
to be ready for prime time.