eric@crg5.UUCP (Eric Okholm) (01/25/91)
Last week I obtained the kerberos source files from MIT. Now that I have read most of the documentation and a wee bit of the code, I have some novice questions which I hope one of you can answer for me:

About versions:
--------------
The version that I got was V4. Judging from material at Interop '90, V5 has already been submitted to OSF. Is it generally available? If not, when is it expected?

Also at Interop '90, the OSF address indicated that they were using V5 "augmented by other HP security components." Will this version be available only from OSF? Is this going to make the MIT and OSF versions diverge?

About levels of security:
------------------------
The Kerberos paper by Steiner, Neuman, and Schiller (3/30/88) indicated that there are three distinct security levels: (1) authenticate at establishment, (2) safe messages, and (3) private messages. It seems to me that as a user of an application I might wish to use a higher level of security than is required by the server. For instance, in many cases I might want just basic rlogin services, but then occasionally I might feel paranoid and really want private messages. This might be an interesting thing to allow a user or the network administrator to configure for each application. However, computer vendors (other than HP) really like to avoid doing things in a proprietary way. Has anyone addressed this sort of flexibility?

About the Davis & Swick document:
--------------------------------
I haven't looked at the code much yet. Were the changes suggested accepted and are they in V4?

About realms:
------------
Is there any way that a user can tell if they are trying to remotely log into a host which is in a different realm? Is this expected to mirror domains? This portion of kerberos seemed rather cumbersome to me, although I have no suggestions for improvement.

Miscellaneous:
-------------
- Are there systems with kerberos on the market?
- My memories of how encryption works come mostly from a vague recollection of a program on codes by Nova long ago. Can anyone suggest a good tutorial for me on the theory behind the DES encryption standard?

By the way, wherever you are Bill Bryant, many thanks for the Athena/Euripides document. That's one of the best introductions to a subject I have seen in a long time.

Thanks in advance for any answers...

Eric Okholm
eric@sequent.com
(503) 578-3712