Frederic Crozat wrote:
> [EMAIL PROTECTED] (Stefan van der Eijk) writes:
>
> > I'd also like to see kerberos in Mandrake. Redhat seems to have it
> > (since 6.2?) and M$ seems to be doing "something" with it too ;-) (don't
> > flame me on this). And I'd like to see encrypted network filesystem in
> > mandrake, like CODA (if it's already in Mandrake then correct me if I'm
> > wrong --> I didn't check).
>
> Coda is in contrib :))
>
> --
> Fr�d�ric Crozat
> MandrakeSoft
I would like to see kerebos too, as part of the distro... If it is not
possible at least as part of Mandrake/security distros....
There is better than kerberos, and it is open source too, and sponsored by
the EU: Sesame:
https://www.cosic.esat.kuleuven.ac.be/sesame/
And it is kerberos compatible...
Cheers
SESAME IN A NUTSHELL
SESAME supports single sign-on to the network.
SESAME provides role based distributed access control using digitally
signed Privilege Attribute Certificates, with optional delegation of
access rights.
SESAME supports full cryptographic protection of exchanges between
users and remote applications.
SESAME supports multiple domain operation with different security
policies.
SESAME can be scaled to operate over very large networks through its
use of public key technology.
SESAME builds on work done in international standards - it is an Open
Systems solution.
SESAME uses the widely accepted Generic Security Service API (GSS-API).
The SESAME user gets mechanism transparency.
SESAME is available NOW
HOW DOES SESAME RELATE TO KERBEROS?
Similar work, aimed specifically at UNIX systems, has been done by the
Massachusetts Institute of Technology which has developed a basic
distributed single sign-on technology called Kerberos. Kerberos has been
proposed as an Internet standard (rfc1510).
In the light of this work, the SESAME project decided that in its early
implementation some of the SESAME components would be accessible through
the Kerberos V5 protocol (as specified in RFC1510), and would use Kerberos
data structures, as well as new SESAME ones. This has shown
unequivocally that a product quality approach reusing selected parts of the
Kerberos specification is workable and that a world standard is possible
incorporating features of both technologies." SESAME adds to Kerberos :
Heterogeneity, sophisticated access control features, scalability of
public key systems, better manageability, audit and delegation.
