Version 5 of Kerberos is the most recent version. Changes in the protocol have solved a
number of security problems from version 4.
number of security problems from version 4.
MIT Kerberos Version 5
MIT Kerberos version 5 is freely available and is available from the same site as version 4 MIT
via anonymous FTP from athena-dist.mit.edu (18.71.0.38).
MIT Kerberos version 5 is freely available and is available from the same site as version 4 MIT
via anonymous FTP from athena-dist.mit.edu (18.71.0.38).
OSF DCE Security
The Open Systems Foundation (OSF) has defined a Distributed Computing Environment
(DCE) with security based on Kerberos version 5, and using the same wire protocol. However,
applications from two systems use the protocol in different ways, so the actual interoperability
between Kerberos and DCE is limited. Because DCE is defined as an open standard, it is up to
manufacturers to provide products that fit into that standard. More and more manufacturers
are providing DCE-compliant products, and it is now possible to assemble a complete DCEcompliant
security environment by selecting DCE-compliant vendors.
Bones
Kerberos is a network security system that relies on cryptographic methods for its security.
Because Kerberos’ encryption system, DES, cannot be exported, Kerberos itself cannot be exported or used outside the United States and Canada in its original form. Bones is a system
that provides the Kerberos API without using encryption and without providing any form of
security—it’s a fake that enables the use of software that expects Kerberos to be present when it
cannot be.
Note: Bones possesses the property of there being absolutely no question about its legality
concerning transportation of its source code across national boundaries. It neither
has any encryption routines nor any calls to encryption routines.
You can obtain a working copy of Bones through anonymous FTP from ftp.funet.fi
(128.214.6.100) in pub/unix/security/kerberos. A DES library is available at the same location.
SESAME
SESAME is an initiative of the European community to produce a compatible product to
Kerberos version 5. SESAME-compatible systems are accessible through Kerberos and vice
versa. SESAME makes use of DES software developed outside North America, and is not
subject to export restrictions. Information on SESAME is available from http://
www.esat.kuleuven.ac.be/cosic/sesame3.html.
No comments:
Post a Comment