Re: Access Authorization

Tony Sanders <sanders@bsdi.com>
Errors-To: sanders@bsdi.com
Message-id: <9309171648.AA07724@austin.BSDI.COM>
To: www-talk@nxoc01.cern.ch
Subject: Re: Access Authorization 
In-Reply-To: Your message of Fri, 17 Sep 93 03:17:49 CDT.
Reply-To: sanders@bsdi.com
Organization: Berkeley Software Design, Inc.
Date: Fri, 17 Sep 1993 11:48:04 -0500
From: Tony Sanders <sanders@bsdi.com>

Marc VanHeyningen <mvanheyn@cs.indiana.edu> sez:
> Kerberos V4 is certainly in wide use in lots of places, even here.
> Kerberos V5, however, is needed to be even marginally tolerable for
> WWW applications (V4 requires n^2 secret keys where n is the number of
> administrative domains, and is thus not scalable.)  Kerberos in
> general is, IMHO, not sufficiently scalable for WWW purposes for
> reasons I think I've blathered about before enough.

I agree with you in general but...  it's good enough for a lot of
applications.  For example, you already run Kerberos so you could provide
local secure services without any additional work.  We run Kerberos here
and could use it as the basis for a distributed source code control system
or something.

So while it's not useful for authenticating people far away, it's great
for providing local services (esp. if you are already running Kerberos).

When we have something better (which I don't think we do yet, though I'm
hopeful that something will come along soon) then we can go with it.
Until then there are a fair number of applications for Kerberos.

--sanders