KANUNGO@GWUVM.GWU.EDU (RAj) (03/18/91)
Obviously, some of the assumptions made for UNIX based systems will break down for DOS based networks. If I have to port Kerberos to DOS based networks (which account for more than half of all LANs) many of which are conne cted to UNIX based systems I will not have the ACL-based security which UNIX offers. Moreover, many applications are out that allow mounting a DOS file- system to a UNIX machine. I see Kerberos becoming very popular in UNIX environments (academic as well as commercial). Both environments have to accomodate DOS-based workstations or one of the major strengths of Project Athena -- interoperability -- will not be available to others. I would like to hear from anyone who has attempted to port Kerberos to DOS based environments or has given any thoughts to it. Thanks, / Raj
trier@cwlim.INS.CWRU.Edu (Stephen C. Trier) (03/19/91)
From my understanding of Kerberos, it should be well-suited to a DOS environment. Essentially, a DOS machine's security is like a Unix machine where every user has automatically broken into root. Perhaps I'm being naive, but that sounds a lot like MIT, where the Athena workstation root password has been _published_. I would worry more about the technical details: Making the DES routines run on a 16-bit, backwards-byte-order machine, fitting the necessary new commands into the memory model of your choice, and finding a decent place to put the tickets. (File? Network kernel? I don't know.) Perhaps most of these problems have been solved already. As for my experience with Kerberos on DOS, I think the admins here have agreed it would be nice. I took a brief look at doing a port, but I did not have enough time to determine how feasible it might be. -- Stephen Trier Case Western Reserve University Work: trier@cwlim.ins.cwru.edu Information Network Services Home: sct@seldon.clv.oh.us %% Any opinions above are my own. %%