[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos

>From: "David J. Bianco" <[email protected]>
Date: Sun, 24 Sep 1995 16:32:30 -0400

>The Open Software Foundation's Distributed Computing Environment has the
>concept of a central security registry (which is currently based on
>Kerberos).  I haven't delved too deeply into them, but the OSF website has
>some DCE RFCs about adding public key capabilities to the registry.  They
>should be off the OSF home page somewhere at <http://www.osf.org>.

Sort of.  The DCE registry isn't really based on Kerberos.  Rather, DCE
uses Kerberos code to do its private-key stuff.  We're planning on adding
the ability to use public key to get initial tickets to the security server.
Outside of integration with other security domains, this means that the
security server no longer needs to store everyone's private key, reducing
exposure if it's been cracked.

If anyone wants more details on how current or planned DCE security,
drop me a line.  Perhaps some of the other folks on this list who also know
about it will speak up, too.
	/r$, DCE whipping boy