Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!sdd.hp.com!caen!uwm.edu!bionet!agate!usenet.ins.cwru.edu!cwlim!trier
From: trier@cwlim.INS.CWRU.Edu (Stephen C. Trier)
Newsgroups: comp.protocols.kerberos
Subject: Re: Kerberos for DOS-based networks
Message-ID: <1991Mar19.040317.27737@usenet.ins.cwru.edu>
Date: 19 Mar 91 04:03:17 GMT
References: <9103181609.AA25329@ATHENA.MIT.EDU>
Sender: news@usenet.ins.cwru.edu
Reply-To: trier@po.CWRU.Edu
Organization: Case Western Reserve Univ. Cleveland, Ohio, (USA)
Lines: 21
Nntp-Posting-Host: cwlim.ins.cwru.edu

From my understanding of Kerberos, it should be well-suited to a DOS
environment.  Essentially, a DOS machine's security is like a Unix
machine where every user has automatically broken into root.  Perhaps
I'm being naive, but that sounds a lot like MIT, where the Athena
workstation root password has been _published_.

I would worry more about the technical details: Making the DES routines
run on a 16-bit, backwards-byte-order machine, fitting the necessary
new commands into the memory model of your choice, and finding a decent
place to put the tickets.  (File?  Network kernel?  I don't know.)
Perhaps most of these problems have been solved already.

As for my experience with Kerberos on DOS, I think the admins here have
agreed it would be nice.  I took a brief look at doing a port, but I
did not have enough time to determine how feasible it might be.

-- 
Stephen Trier                              Case Western Reserve University
Work: trier@cwlim.ins.cwru.edu             Information Network Services
Home: sct@seldon.clv.oh.us               %% Any opinions above are my own. %%