Seth Arnold wrote: >My biggest complaint against Kerberos is that it basically tries to >replicate Public Key Crypto with nothing but Symmetric Crypto. > Never say that in front of Peter Honeyman, unless you *really* want to hear about it :) Honeyman hates public key, and that's a big part of why U.Michigan is a major kerberos site. >As near as I can tell, Kerberos is much like NFS: In use because it was >first, not because it is the best possible solution. > Kerberos is a big-site SSO (Single Sign On) solution. It may suck, but many commercial SSO solutions suck worse. SSO is a vital piece of infrastructure for many large organizations, but it is a devilishly hard system to engineer correctly. Large site admins who have been mandated to provision SSO should consider Kerberos along with other solutions. Everyone else should just use SSH or stunnel. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Wed Jul 17 2002 - 20:00:27 PDT