Mike Burns had written:
> I was introduced to this [KLP -mdw] a few months back when I attended a Big 10 DCE
> Focus group/special projects type meeting held at PSU. They also talked
> about the SDG (Secure Domain Gateway) as other alternatives. Again, most of
> this was geared towards DCE which we are going to move to also, but we have
> AFS in place right now and I was looking for other alternatives I could use
> with our current AFS cell in case I really want to provide this before
> getting all the DCE pieces in place.
[EMAIL PROTECTED] writes:
> 4. Gradient's Web Crusader -- works with standard browsers. It puts a proxy
> server in each desktop. For normal URL's, the proxy does the normal,
> expected thing. When the proxy recognizes a URL pointing into the DFS
> filespace, it uses DCE RPC to connect to a special webserver. The RPC
> includes DCE authentication info about the requestor; the server
> authenticates, and supports DCE access control mechanisms on the web space.
> This approach requires a functioning DCE cell, and the DCE runtime in every
> desktop.
>
> This approach looks very interesting, but is completely irrelevant as a
> short term solution. (This month, we're deploying DCE -- is everybody
> ready?).
>
> There are rumors that Gradient is working on a version of this that removes
> the requirement for the DCE runtime in every desktop. That would help
> immensely, but (again) not this month (or year, for that matter).
This sounds rather like KLP. I have seen a version of KLP work with
AFS/Kerberos, running on a Macintosh, a Windows 95 machine, and AIX
3.2.5. The Macintosh version used Authman. The windows 95 version
probably uses the MIT kerberos dll, or some variation thereof. For
use with Kerberos 4, the proxy does not know how to automatically
map URL's pointing into a particular space. Instead, it's up to
the server to recognize that the client has KLP installed, and to
advertise special URL's for that client.
I don't know the exact schedule, but I know other people here (at umich.edu)
are actively pursuing this technology, with an eye towards deploying
it on campus "soon". I have no idea about licensing (or for that
matter if or how Gradient is involved), but I know people here are hoping
it will be an attractive and popular solution for other institutions as well.
(Hm. Completely irrelevant aside. Aren't Windows 95 machines supposed to
already have DCE runtime?)
-Marcus Watts
UM ITD PD&D Umich Systems Group
