Path: utzoo!utgpu!jarvis.csri.toronto.edu!helios.physics.utoronto.ca!ists!yunexus!davecb
From: davecb@yunexus.UUCP (David Collier-Brown)
Newsgroups: comp.protocols.kerberos
Subject: Re: Do we really want Kerberos?
Message-ID: <5609@yunexus.UUCP>
Date: 4 Dec 89 14:27:12 GMT
References: <8912011500.AA06945@hotspur>
Organization: York U. Computing Services
Lines: 22

lauer@BTC.KODAK.COM (Hugh C. Lauer) writes:
>Managing the authentication of the users across sites is a horrendous
>undertaking -- even managing the recognition of users' names at the
>different sites is difficult.  I really would like the local site
>administrators to manage their own users, but I want the users to be
>recognizable at our other sites.

  Well, you've described a problem set that daemons like Hesiod (sp?)  and
Kerberos are part of the solution to.  As you might guess, they're necessary
but not sufficent...

  In the case you describe, you will need to at least simulate a distributed
directory of users (ie, you can have N independant and update them every
so often) and one or more Kerberoi, all agreeing to cooperate.  The latter
should be a good configuration to ask this group about...

--dave
-- 
David Collier-Brown,  | davecb@yunexus, ...!yunexus!davecb or
72 Abitibi Ave.,      | {toronto area...}lethe!dave 
Willowdale, Ontario,  | Joyce C-B:
CANADA. 416-223-8968  |    He's so smart he's dumb.