[lug] Re: RFI -- Kerberos

Neal McBurnett nealmcb at avaya.com
Mon Oct 16 14:34:23 MDT 2000


Once upon a time, John Kottal <jlkottal at americanisp.net> wrote:
> I am doing a school paper on Unix/Linux Securityusing Kerberos and would
> ask if anyone who has used it would share their experiences, both good
> and bad.
> 
> John Kottal

Works fine for me (limited testing), until you get into the
Micro$oft-proprietary Privilege Attribute Certificate (PAC).  There is
apparently an IETF effort to define an official usage of that field,
thankfully.

There is cool stuff at U Michigan, ICI and elsewhere on combining
Public Key methods and Kerberos (kx509, PKINIT, GSS-API, GAA-API etc.)

Post your paper when you're done - this is really important
stuff.

 http://web.mit.edu/kerberos/www/
 http://www.isi.edu/~govindan/cs558/netsec/
 http://www.ncsa.uiuc.edu/General/CC/kerberos/firewall.html
 http://www.colorado.edu/ITS/docs/identikey/
 http://www.simc-inc.org/dce-pki/SIMCdraft2.html
 http://choices.cs.uiuc.edu/Security/JGSS/jgss.html
 http://www.counterpane.com/crypto-gram-0003.html
 http://caselaw.findlaw.com/cgi-bin/getcase.pl?court=US&vol=472&invol=585
  bork compares MS practices to aspen skiing company and highlands
 http://slashdot.org/article.pl?sid=00/03/24/0752258&mode=nested

Cheers,

Neal McBurnett <neal at bcn.boulder.co.us>  303-538-4852
Avaya Inc, the former Enterprise Networking Group of Lucent/Bell Labs
http://bcn.boulder.co.us/~neal/      (with GnuPG/PGP keys)




More information about the LUG mailing list