Future of Kerberos and Vendor support

Date: 18 Feb 91 20:24:21 GMT
From: gregh@aplcomm.JHUAPL.EDU (Robert G. Hollingsworth)
To: kerberos@shelby.Stanford.EDU

Several months ago, I sent out a query to this group about vendor
support for Kerberos.  I'd like to run Kerberos on some of our hosts,
but this requires that Kerberized client software on a variety of
hosts.  The only way I'm going to be able to run Kerberos here is if I
can I can get 'out of the box' Kerberos clients that require minor
configuration changes.

I received some feedback from my original posting that hinted that I
might someday be able to obtain Kerberized client software for Macs
and PC's, and that Ultrix 4.0 was being shipped with Kerberos.  Sounded
like there might be a chance of running it here someday.

Recently I have heard that DEC is taking Kerberos, incorporating RSA
into it, and redistributing it widely.  I read through their
literature (I'm no cryptography expert), it sounded like a
reasonable addition to me.

Now I fear that I'm going to have a set of DEC hosts that run RSA
Kerberos, and a set of client systems that run standard Kerberos.  Can
anyone comment on what I can expect to see in the future in the
Kerberos arena.  Will we ever be able to use Kerberos in our large
heterogeneous network?

	Greg

Date: Mon, 18 Feb 91 22:50:18 -0500
From: Jeffrey I. Schiller <jis@MIT.EDU>
To: gregh@aplcomm.JHUAPL.EDU
Cc: kerberos@MIT.EDU
In-Reply-To: Robert G. Hollingsworth's message of 18 Feb 91 20:24:21 GMT 
<368@aplcomm.JHUAPL.EDU>

	DEC will be offering an authentication system which I believe
will be called "SPX" (formerly known as Sphinx).  SPX is not Kerberos
with RSA added. It is a separate system which is based on RSA Public
Key Encryption.

	SPX offers a lot of the same features of Kerberos, but is not
a Kerberos spinoff.

	The good news is that the SPX developers and the Kerberos
developers have been in touch with each other. Our hope is to offer a
generic application programmer's interface (Generic API) that will
work with either SPX or Kerberos.  This would also support the linking
of applications so as to allow them to operate in either an SPX or
Kerberos environment.

	We have also begun preliminary internal discussions on how to
integrate public key technology directly into Kerberos. For now this
is a back burner project at MIT (V5 needs to get out the door!).

      ... Can
   anyone comment on what I can expect to see in the future in the
   Kerberos arena.  Will we ever be able to use Kerberos in our large
   heterogeneous network?

Expect to see Kerberos enhanced to support Public Key at some point.
Ideally I would hope to see the Kerberos and SPX technologies merged
into one comprehensive (and compatible) system. How we do this, I
don't rightly know... but I think it is in everyone's interest. [Note:
I *do* expect to see the Generic API mentioned above, getting the
protocols themselves to interact is a tougher goal, and is what I am
referring to in this paragraph.]

			-Jeff