Return to BSD News archive
Xref: sserve comp.sys.powerpc:31164 comp.sys.intel:28079 comp.os.misc:3666 comp.unix.bsd:15820 comp.unix.pc-clone.32bit:7971 comp.unix.sys5.r4:9013 comp.unix.misc:15412 comp.os.linux.development:22071 comp.os.linux.misc:32829 comp.os.linux.misc:32830 comp.os.386bsd.development:2978 comp.os.386bsd.misc:4678 Path: sserve!newshost.anu.edu.au!munnari.oz.au!bruce.cs.monash.edu.au!harbinger.cc.monash.edu.au!msunews!uwm.edu!psuvax1!psuvax1.cse.psu.edu!schwartz From: schwartz@galapagos.cse.psu.edu (Scott Schwartz) Newsgroups: comp.sys.powerpc,comp.sys.intel,comp.os.misc,comp.unix.bsd,comp.unix.pc-clone.32bit,comp.unix.sys5.r4,comp.unix.misc,comp.os.linux.development,comp.os.linux.misc,comp.os.linux.misc,comp.os.386bsd.development,comp.os.386bsd.misc Subject: Re: Interested in PowerPC for Linux / FreeBSD / NetBSD? Date: 31 Dec 1994 05:20:50 GMT Organization: Penn State Comp Sci & Eng Lines: 72 Message-ID: <SCHWARTZ.94Dec31002050@galapagos.cse.psu.edu> References: <3cilp3$143@news-2.csn.net> <3d4ucp$sbn@hearst.cac.psu.edu> <SCHWARTZ.94Dec27155146@galapagos.cse.psu.edu> <D1nL8D.8GE@indirect.com> NNTP-Posting-Host: galapagos.cse.psu.edu In-reply-to: wes@indirect.com's message of Sat, 31 Dec 1994 02:21:48 GMT wes@indirect.com (Barnacle Wes) writes: Perhaps you should read the white paper on the weaknesses of Kerberos prepared by bellcore; it will disabuse you of these notions. Are you thinking of Bellovin and Merritt's "Limitations of the Kerberos Authentication System"? That wasn't a white paper, it was published in CCR, and it was from Bell Labs, not Bellcore. And you should reread the conclusion which says that using kerberos will dramatically improve your situation. No system is perfect, but that's no reason to do nothing! Why is lack of authentication in a network file system a manifest defect? Because it means that random people can delete all your files. Just like in MS-DOS. Why would the millions of users on trusted local-area networks using NFS, or NetWare for that matter, need to have some complicated, buggy, unproven authentication system jammed down their throats in order to share disks between their computers? Huh? I'm proposing that they use a straightforward, reliable, system proven by years of experience and slated to become an internet standard, in order to reliably, safely, and securely share filesystems between their computers. Ooops, I forgot - you're the only *important* user on the planet, aren't you? Whatever you say. But just out of curiosity, do you type a password when you log on? If so, is it just for fun, or does your os actually use it for something? Any many would contend that since it is freely available, it is *obviously not a viable mechanism*. Who's going to support it? OpenVision? Yeah, right. MIT? Not hardly. Cygnus, Digital, OSF, Transarc, Sun. Whoever sells it to you. Just like X. You also completely missed my point: Kerberos, or any other "authentication" scheme, is not a panacea for computer security. No, that's what *I* said. Kerberos is merely much, much better than the status quo, which is no security at all. Don't get me wrong, I agree that a distributed file system with strong authentication is a must-need product for many organizations (dare I say 'enterprises'?). Uh... ok. Such a product is *not*, however, needed by *everyone* who wants to share files or disk drives with his neighbor in the next office, Fine, but given the must-have thing you mention just above, they can just use that with no hassles. Why have two things in the os when one will do? And perhaps you should consider using AFS, We do. Works great. or since you know so much about this, you should develop KFS and make it available to all us idiots too stupid to realize that NFS, which has supported us for 10 years now, is woefully inadequate. NFS has all the machinery it needs to do the right thing. It was designed with hooks for a real authentication system, Sun ships one with their os, all your vendor needs to do is plug in kerberos instead.