[Spread-users] Kerberos and spread...

Jonathan Stanton jonathan at cnds.jhu.edu
Tue Sep 18 22:59:01 EDT 2001


On Mon, Sep 17, 2001 at 03:51:52PM -0700, Sean Chittenden wrote:
> Howdy 'all.  Quick question to see if anyone's heard of any work being
> done with kerberos and spread.
> 
> 1)  Kerberos authenticated/encrypted data would be pretty slick, IMHO 
> and I wonder if anyone's ever looked at this possibility.

I only know about Kerberos at a high level, so please inform me if what I
say doesn't make sense.

If I get your point, the above is the idea of using Kerberos to
authenticate users of Spread and encrypt data sent over Spread? And your
point 2 below is about using Spread to replicate data between Kerberos
servers?

So if I understood, then we have been working on a general approach to
point 1 (not with kerberos particularly, but a general framework for any
authentication and access control system). Take a look at the recent
published paper and tech report at:

http://www.cnds.jhu.edu/publications/index.html#access_control

The Tech report has more information and longer code examples. We didn't
mention Kerberos as a case study, but we did several other known protocols
(like PAM and SecureID).

We have an ongoing research project on building secure group
communications. The Secure Spread page has some more info.

http://www.cnds.jhu.edu/research/group/secure_spread/

> 2)  Why use kprop and kpropd when you could have an event driven update
> mechanism based on spread.  Adding the hooks to kadmind to update and
> replicate small bits of data to various hosts seems pretty reasonable,
> esp if #1 is an accomplished task.  Updating keytabs, for instance, would
> be invaluable in supplanting many of the arguments for Active Directory.

This we havn't talked about at all, it sounds like it very well might be
quite interesting.
> 
> Anyway, I was wondering if anyone, esp on the research end of spread, 
> has heard of such activities or know of any initiatives along those 
> lines.  Thanks.  -sc

We are definitely interested in these issues of security and distributed
systems. I'll ask and see if anyone else knows more about Kerberos
projects.

Jonathan
--
-------------------------------------------------------
Jonathan R. Stanton         jonathan at cs.jhu.edu
Dept. of Computer Science   
Johns Hopkins University    
-------------------------------------------------------





More information about the Spread-users mailing list