Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!mips!spool.mu.edu!snorkelwacker.mit.edu!stanford.edu!SNOW-WHITE.LANL.GOV!jrc
From: jrc@SNOW-WHITE.LANL.GOV (James R. Clifford)
Newsgroups: comp.protocols.kerberos
Subject: Integrity of MIT Source
Message-ID: <9103070312.AA24199@snow-white.lanl.gov>
Date: 7 Mar 91 03:12:23 GMT
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 6

What measures have been taken to protect MIT's Kerberos software source?  We are investigating using Kerberos for our network authentication system.  For some clients and servers, building the code from the MIT source is the only available/timely alternative.  On the other hand, there are those who contend basing a large part of the campus security on software obtained from an electronic bulletin board is crazy.  Bulletin board software is where you go to pick up a virus, worm, Trojan horse, and other nast






ies they say. 

What assurances are there that the software that we ftp remains unchanged from what the authors released?  That there are no "wizard" passwords?  No debugging trap doors

Thanks,
Jim Clifford