(Illustration by Gaich Muramatsu)
On 15 Jan 1999, Anil B. Somayaji wrote: > I was thinking of running a kerberized coda setup. We're currently > running NFS in our department, so it isn't as if things are really > secure at the moment; however, it would be nice to set things up to do > real authentication. Is anyone else doing this? Should I bother? > (We already have a kerberos server set up in our department (I'm not > sure which version), with its only duty being to authorize ppp access. > It would be nice if it could be used to do something more > substantial.) Anil, I'll leave someone else to answer the rest of the questions, but since I am responsible for the first iteration on Kerberos code, I'll answer yours. Adding kerberos support consists of downloading a file and adding a define somewhere. However, you should know that Coda currently supports only trivial (XOR) encryption, and doesn't even use that very often. It also does not support integrity checking. As such, it looks a lot like traditional NFS security (currently). I am in the process of finishing up enhanced security code (strong encryption, integrity checking using hashes, etc). Kerberos will provide you with the single password arrangement as it doesn't require anything but tickets to acquire tokens, but it won't improve security any until the security code becomes available in the next Coda release. Robert N Watson [email protected] http://www.watson.org/~robert/ PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/Received on 1999-01-19 00:34:41