Ok folks... Here's a brief summary...

1. The main difference between MIT Kerberos and kaserver is the method by which user passwords are stored as DES keys in the database.

2. A minor difference is that the MIT Kerberos implementation does not use a shared database, and therefore there is a master site which only periodically propagates changes to the slaves. Ubik requires that you talk to the "sync site", which then automatically propagates changes to the slaves.

However, concerning security:

o The kaserver is tightly coupled with other services (prserver, vlserver, and bosserver), thus rendering the "authentication system" as secure as its components. The MIT Kerberos server may run on a separate secure machine, thus isolating it from the complexity of other subsystems by which the entire private-key system can be compromised. However, if you run an MIT Kerberos server on a machine providing a lot of other services, this net benefit is lost.

o The string_to_key functions are different. The MIT one does not include in it the "cell name" as a parameter. This does mean that if you have one Kerberos database in clear-text form, you can possibly compromise a user in another realm IF they have the same password.

o If you have access to the clear-text database, you can run dictionary attacks on either system. Also, it has been pointed out that you can request a TGT for a user via MIT Kerberos and then, with the encrypted packet, do a dictionary attack offline. However, the kaserver is also susceptible to this attack since it also responds to MIT Kerberos ticket requests, so there is no advantage in one system over the other in this respect.

o As a counterpoint, the kaserver can be attacked during the initial growth of the cell. When the cell is first generated, there are various things that are predictable about the database allowing its compromise for all time for someone watching the growth of new cells; all one needs to do is have a script that once a day polls a cell and determines the various new keys.

As for interoperability, the only problems are for those clients requesting a password. Both systems implement the Kerberos protocol and can therefore be used by a user to request various services. Cross-realm keys can be set up, though because passwords hash to different keys, a DES key (8 bytes) must be chosen and shared, rather than the password.

-Richard
