Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!decwrl!stanford.edu!SNOW-WHITE.LANL.GOV!jrc
From: jrc@SNOW-WHITE.LANL.GOV (James R. Clifford)
Newsgroups: comp.protocols.kerberos
Subject: Integrity of MIT source
Message-ID: <9103072250.AA26791@snow-white.lanl.gov>
Date: 7 Mar 91 22:50:55 GMT
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 6

What measures have been taken to protect MIT's Kerberos software source?

We are investigating using Kerberos for our network authentication system. For some clients and servers, building the code from the MIT source is the only available/timely alternative. On the other hand, there are those who contend basing a large part of the campus security on software obtained from an electronic bulletin board is crazy. "Bulletin boards are where you go to pick up viruses, Trojan horses, and other nasty social diseases", they say.

What assurances are there that the software that we ftp remains unchanged from what the authors released? That there are no "wizard" passwords? No debugging back doors? Are vendor releases of Kerberos likely to be any better?

Thanks,
Jim Clifford