Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!amdcad!ames!ll-xn!mit-eddie!bloom-beacon!athena.mit.edu!wesommer
From: wesommer@athena.mit.edu (William Sommerfeld)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: rsh equivalent
Message-ID: <3324@bloom-beacon.MIT.EDU>
Date: 28 Feb 88 20:10:31 GMT
References: <23511@hi.unm.edu>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: wesommer@athena.mit.edu (William Sommerfeld)
Organization: Massachusetts Institute of Technology
Lines: 34
Keywords: rsh
Summary: Wait a month.

In article <23511@hi.unm.edu> cyrus@hi.unm.edu (Tait Cyrus) writes:
>I have heard of other Universities defining their own protocols to
>accomplish distributed processing without the big security holes.
>I would appreciate ANY information any of you might have concerning
>such protocols/utilities and their possible availability.

We should have something for you in about a month.. the Kerberos[1] authentication system developed here at Athena should be released in "about a month". It's written in C, and is known to work on the VAX and RT/PC (both running 4.3BSD UNIX), the Sun (release 3[?]), and partially (subject to memory restrictions and the lack of an operating system) on the IBM PC. We use DES as the encryption algorithm; we will [probably] ship a reasonably fast software DES to US sites, while international sites may have to find their own DES implementation[2].

Note that kerberos is not a panacea (is anything?); you still have to be careful about how you choose your password and where you type it; kerberos allows you to avoid sending your password over the network in the clear, but it can't prevent you from doing that if you so choose. If you make your files globally writable, Kerberos can't save you.

We have kerberos-authenticated versions of rlogin, rsh, rcp, and NFS; we haven't done kerberos authenticated telnet or ftp [yet?], mostly because we don't use either protocol very much internally.

Bill Sommerfeld
MIT Project Athena

[1] Kerberos is the Greek name for what the Romans called Cerberus, the three headed dog guarding the entrance to Hell.

[2] Flames about DES exportability to /dev/null please; we'd prefer to believe John Gilmore's analysis of the laws, but we'd rather not find out the hard way that he was wrong.