On Tue, Apr 30, 2002 at 10:56:33PM -0500, Bob Tanner wrote:
> Anyways, with openssh, ssl, generic TLS stuff. Is kerberos necessary
> still?

Although Kerberos may be old tech, it's not dead tech.  If it were, The
Collective, [read Micro$oft], would not have "embraced and extended" it.
It may no longer be the defacto standard, as a result of the software
you listed above, but it is still a powerful security model.  Because
Kerberos /is/ used in the Win2k and WinXP network model, and because
there are plenty of people on campus who still use these operating
systems, it becomes necessary to integrate once again.

There has been some chatter about different departments setting up their
own Kerberos schema, but that's about as far as it gets.  We all have
more pressing projects to attend, and Kerberos always seems to find its
way to the back-burner.  Why?  It's much easier to set up an sshd daemon
than it is to set up a Kerberos network. ;-)

Frankly, I would love to do other things to enhance security before
incorporating Kerberos.  i.e. NFS over TCP+ssl, etc.

-- 
Chad Walstrom <chewie at wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20020501/96786cd6/attachment.pgp