[comp.archives] [comp.protocols.iso] Re: New ISO Authentication ASE

wesommer@athena.mit.edu (Bill Sommerfeld) (03/06/90)

Archive-name: kerberos/06-Mar-90
Original-posting-by: wesommer@athena.mit.edu (Bill Sommerfeld)
Original-subject: Re: New ISO Authentication ASE
Archive-site: athena-dist.mit.edu [18.71.0.38]
Archive-directory: pub/kerberos
Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti)

In article <1990Mar5.154434.21726@geac.com> joey@geac.com (Joey DeWiele) writes:

   I don't know anything about Kerberos. 

Kerberos is a "paranoid" extension of the original Needham and
Schroeder secret-key based authentication system; it was developed at
MIT's Project Athena.  Within the U.S., a reasonably portable
implementation is freely available via anonymous FTP.  The current
version of the protocol (version 4) is in production use by thousands
of people at a number of different sites within the U.S.  The protocol
is also used by at least one commercial product now in beta test.

A significant revision of the protocol is currently under way. Changes
include additional functionality, removal of limits, use of multiple
encryption algorithms, and conversion to using ASN.1 encoding for all
messages.

Kerberos currently assumes the use of a secret-key based encryption
system such as DES; however, the extensions in version 5 may allow for
the use of public key systems such as RSA.

   In particular, I don't know
   how widely accepted in the international community Kerberos is.

One reason why this may be the case is the !@#$ U.S. export
regulations on encryption and related technologies. Apparently,
Kerberos is considered to be "encryption control machinery", so
exporting an implementation requires an export license.

There is an "implementation" of Kerberos (known as "bones") which has
all reference to encryption removed, and is exportable without a
license; using the protocol specification, the source to "bones", and
a DES library, it may be possible to convert "bones" back into "the
real thing".

Information on Kerberos is available via anonymous FTP from
athena-dist.mit.edu, in pub/kerberos/*.  The source code for all of
Kerberos is also available there, but you may be violating export
rules if you ftp it from outside the U.S.

If you can't FTP, you can also retrieve some of the available
information automatically via electronic mail via an archive server;
send mail to archive-server@athena-dist.mit.edu with a subject line of
"help" for more information.

There's also a usenet newsgroup comp.protocols.kerberos which is
bidirectionally gatewayed with an Internet mailing list.  If you can't
read news and wish to join the mailing list, send mail to
kerberos-request@athena.mit.edu.

			Bill Sommerfeld
			Visiting engineer from HP/Apollo
			at MIT/Project Athena.

--
Henry Spencer is so much of a  |    Bill Sommerfeld at MIT/Project Athena
minimalist that I often forget |    sommerfeld@mit.edu
he's there - anonymous         |