Date: 18 Feb 91 20:24:21 GMT From: gregh@aplcomm.JHUAPL.EDU (Robert G. Hollingsworth) To: kerberos@shelby.Stanford.EDU Several months ago, I sent out a query to this group about vendor support for Kerberos. I'd like to run Kerberos on some of our hosts, but this requires that Kerberized client software on a variety of hosts. The only way I'm going to be able to run Kerberos here is if I can I can get 'out of the box' Kerberos clients that require minor configuration changes. I received some feedback from my original posting that hinted that I might someday be able to obtain Kerberized client software for Macs and PC's, and that Ultrix 4.0 was being shipped with Kerberos. Sounded like there might be a chance of running it here someday. Recently I have heard that DEC is taking Kerberos, incorporating RSA into it, and redistributing it widely. I read through their literature (I'm no cryptography expert), it sounded like a reasonable addition to me. Now I fear that I'm going to have a set of DEC hosts that run RSA Kerberos, and a set of client systems that run standard Kerberos. Can anyone comment on what I can expect to see in the future in the Kerberos arena. Will we ever be able to use Kerberos in our large heterogeneous network? Greg
Date: Mon, 18 Feb 91 22:50:18 -0500 From: Jeffrey I. Schiller <jis@MIT.EDU> To: gregh@aplcomm.JHUAPL.EDU Cc: kerberos@MIT.EDU In-Reply-To: Robert G. Hollingsworth's message of 18 Feb 91 20:24:21 GMT <368@aplcomm.JHUAPL.EDU> DEC will be offering an authentication system which I believe will be called "SPX" (formerly known as Sphinx). SPX is not Kerberos with RSA added. It is a separate system which is based on RSA Public Key Encryption. SPX offers a lot of the same features of Kerberos, but is not a Kerberos spinoff. The good news is that the SPX developers and the Kerberos developers have been in touch with each other. Our hope is to offer a generic application programmer's interface (Generic API) that will work with either SPX or Kerberos. This would also support the linking of applications so as to allow them to operate in either an SPX or Kerberos environment. We have also begun preliminary internal discussions on how to integrate public key technology directly into Kerberos. For now this is a back burner project at MIT (V5 needs to get out the door!). ... Can anyone comment on what I can expect to see in the future in the Kerberos arena. Will we ever be able to use Kerberos in our large heterogeneous network? Expect to see Kerberos enhanced to support Public Key at some point. Ideally I would hope to see the Kerberos and SPX technologies merged into one comprehensive (and compatible) system. How we do this, I don't rightly know... but I think it is in everyone's interest. [Note: I *do* expect to see the Generic API mentioned above, getting the protocols themselves to interact is a tougher goal, and is what I am referring to in this paragraph.] -Jeff