Path: utzoo!attcan!uunet!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!agate!shelby!BTC.KODAK.COM!lauer
From: lauer@BTC.KODAK.COM (Hugh C. Lauer)
Newsgroups: comp.protocols.kerberos
Subject: Do we really want Kerberos?
Message-ID: <8912011500.AA06945@hotspur>
Date: 1 Dec 89 15:00:47 GMT
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 40

I have been reading the various published material on Kerberos, and I
am interested.  My question is, will it go some way to solving our problem?

Here is my situation -- we have a large and rapidly growing software
development organization spread across about six sites nationwide. 
People from different sites work very closely with each other on
particular projects, and there are a lot of projects.  Thus, for
example, a developer in Santa Monica will need to login to and update a
directory on a host in Bedford, while another will have to update
something on a host in Rochester.  A typical user is a member of more
than one project.

Managing the authentication of the users across sites is a horrendous
undertaking -- even managing the recognition of users' names at the
different sites is difficult.  I really would like the local site
administrators to manage their own users, but I want the users to be
recognizable at our other sites.  In particular, they need to be
recognizable both when they travel physically and when they travel only
via the wide area network.

Ideally, it should be possible for me to walk up to any machine in my
department in any of my locations, type my name and password, and have
the same authorities that I would have had from my
own workstation.  Moreover, I really want it to establish my own
environment wherever I am.  Sun Yellow Pages and Apollo's Domain system
both did this for me, but only within the confines of my local
facility, not three thousand miles away

A wrinkle in all of this is that as large as we are, we are only a
small department in a giant corporation.  Most of the rest of the
corporation is still in the stone age as far as computer networking is
concerned, so we are leading the way.  Among other things, we will need
to be adding new client groups (possibly at different sites) from time to time.

So my question is, will Kerberos be a useful tool for me?  What other
tools will also help?

Thanks,

/Hugh C. Lauer


Brought to you by Super Global Mega Corp .com