Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.milw.wisc.edu!cs.utexas.edu!usc!apple!oliveb!pyramid!prls!philabs!Sandeep
From: Sandeep Mehta@bebop (Sandeep Mehta)
Newsgroups: comp.unix.questions
Subject: Re: Servers, sockets & security
Message-ID: <60242@philabs.Philips.Com>
Date: 27 Jul 89 12:18:20 GMT
References: <2914@mit-caf.MIT.EDU> <2293@auspex.auspex.com>
Sender: news@philabs.Philips.Com
Reply-To: Sandeep Mehta@bebop (Sandeep Mehta)
Distribution: na
Organization: Autonomous Systems, Philips Labs, Briarcliff Manor, NY
Lines: 19
In-reply-to: guy@auspex.auspex.com (Guy Harris)

In article <2293@auspex.auspex.com>, guy@auspex (Guy Harris) writes:
>
>Another way might be to use some mechanism such as Kerberos, and require
>the client to provide some sort of validated cookie to prove who they
>are.

Yup, using a proven authentication protocol, such as Kerberos, seems to
me to be the best way to go. Using an encrypted key you can do correct
authentication in at least 4 or more encryptions+decryptions. Kerberos
reaches authentication at the cost of synced clocks (if clients/servers
are across machine boundaries) because it is time-stamp based.

I don't know the performance degradations of using correct authentication
in your application but with >= 4 encrypts+decrypts it's probably
non-trivial.

sandeep
--
Sandeep Mehta                      ...to be or not to bop ?
uunet!philabs!bebop!sxm            sxm@philabs.philips.com
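
Added example (not part of the original post, and not Kerberos code): a simplified timestamp-based authenticator check in Python, showing why the client and server clocks must agree and how the timestamp bounds replay. It uses an HMAC-SHA256 tag over a shared key as a stand-in for Kerberos's encrypted authenticator; the function and class names and the 300-second skew window are assumptions of this example.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 300  # seconds; assumed tolerance for this example


def make_authenticator(key: bytes, client: str, client_time: int) -> bytes:
    """Client side: bind the client name to the client's own clock reading."""
    body = struct.pack(">Q", client_time) + client.encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body


class Verifier:
    """Server side: checks the tag, then clock skew, then replays."""

    def __init__(self, key: bytes, max_skew: int = MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = set()  # replay cache of (client, client_time)

    def verify(self, blob: bytes, server_time: int) -> str:
        if len(blob) < 40:  # 32-byte tag + 8-byte timestamp
            return "malformed"
        tag, body = blob[:32], blob[32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"
        (client_time,) = struct.unpack(">Q", body[:8])
        client = body[8:].decode()
        # A valid tag is not enough: a client whose clock has drifted past
        # the window is rejected even though it holds the right key.
        if abs(server_time - client_time) > self.max_skew:
            return "clock-skew"
        # Entries older than the window can be dropped, because the skew
        # check above already rejects any authenticator that old.
        self.seen = {e for e in self.seen if server_time - e[1] <= self.max_skew}
        if (client, client_time) in self.seen:
            return "replay"
        self.seen.add((client, client_time))
        return "ok:" + client
```

The skew window is what keeps the replay cache small: the server only has to remember authenticators for as long as their timestamps would still be accepted.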