Kerb/PKI Infrastructure - Who's on first?
STEWARD, Curtis (Jamestown)
Curtis.Steward at trw.com
Mon Oct 7 18:21:28 EDT 2002
Help, I'm thoroughly confused. What is the best recommended direction for
single
authentication being proposed by the IETF, or is there? I can see Kerb
feeding public key
applications a TGT or visa versa from PKI app's with PKINIT. It looks clear
to me the PKI infrastructure
has been set by the IETF, but I'm getting tired looking for a common
approach and sorting through
RFC's. Is Kerb/PKI a pipe dream, should the infrastructure center around
the TGT or a RSA key,
or do I have to run both? I'm not sure where KINK fits in, but this is what
I'd like:
Single OS signon regardless of OS, Kerberos, etc must coexist & send
or receive
authentication (RSA?).
This same sign-on would provide RSA authentication to SSH, SSL/TLS,
S/MIME, PKIX and IPSEC.
I don't want to run two or parallel authentication schemes.
Cybersafe has there product, but is this the right approach? The OpenGroup
has
their PKI, but what about host authentication at login?
I have searched literally for days to understand how should one authenticate
symetrically or asymetrically, etc. Is there a best practice approach here.
I prefer
an opensource solution, and the closest I can come is with Heimdal and the
typical
opensource tools for shell, transport, email, etc. Any contact, explanation
or doc would
be great, TIA..
cs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/kerberos/attachments/20021007/b51cfd21/attachment.htm
More information about the Kerberos
mailing list