Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: bh@cs.brown.edu
Newsgroups: comp.sys.sun
Subject: workstation security
Keywords: SunOS
Message-ID: <8904211745.AA01394@sunup.cs.brown.edu>
Date: 6 May 89 00:13:13 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 17
Approved: Sun-Spots@rice.edu
Original-Date: Fri, 21 Apr 89 13:45:12 EDT
X-Sun-Spots-Digest: Volume 7, Issue 268, message 21 of 21

It would seem that the "best way" to deal with network security involves a
network-wide authentication service (Kerberos, etc).  The efforts to make
an individual workstation (or any machine not behind a locked machine room
door) difficult to halt or boot in some sort of maintenance-mode (single
user, diag mode, etc) still don't guarantee that some server can trust the
client workstation and only make normal servicing more difficult.

For example, in the Sun boot prom you could easily (:-) ) L1-A the
machine, use the a prom command to update some memory location such as the
uid field of some user structure to say... 0, and then ``c'' back...
and....

Is Sun (or any one else) working on product involving Kerberos or
something like it?  Is this were Sun is going with C2 security and secure
NFS?

Bent