Exporting applications that link to Kerberos

Jeffrey Altman jaltman2 at nyc.rr.com
Wed Sep 29 05:01:58 EDT 2004 

If your only concern is Windows, then you should advise your
users to obtain the MIT Kerberos for Windows distribution from
http://web.mit.edu/kerberos/.  MIT has already obtained the necessary
approvals it needs to distribute binaries and they are packaged
in a nice installer.

Jeffrey Altman


brlcad wrote:

> Some of the devs to a project I work on (a popular open source game) 
> spent some of the past week or two linking our registration system up 
> with Kerberos.  The game basically performs the necessary ticket init 
> behind the scenes against a specifically set kdc domain, gets those 
> tickets and passes them along to the game server(s) who then allow the 
> user access.  It all actually mostly works and is pretty nifty 
> conceptual proof that didn't take long.  That said -- now we're down to 
> the more practical and pedantic legal issues of whether we can actually 
> distribute the game if it links against Kerberos libraries due to export 
> restrictions.
> 
> I have read the Kerberos FAQ and see that this is mostly an issue "up in 
> the air" that should really be consulted with lawyers.  Unfortunately, 
> our little distributed team of devs around the world doesn't really have 
> the ability to do that easily, much less with our "budget".  So, of 
> course, I'm hoping I can get some insight from you kind folk that hear 
> this question much more often than I do.
> 
> In our particular distribution situation, we're in the large class of 
> folks using the SourceForge file release system, utilizing sf's servers 
> for actual distribution.  I have no idea if sf's fleet of file servers 
> blocks any or all of the 7 or so export-restricted countries that are 
> often mentioned as the only problematic ones.  I can, of course, ping sf 
> support on the issue but the bigger question is whether or not it's 
> really an issue.
> 
> While we wouldn't be distributing Kerberos sources for sure, there is 
> the possibility that we would distribute, for example, dll's for the 
> Windows folk that don't have a useable Kerberos library.  Likewise we 
> may be linking statically or dynamically on other systems.  If any of  
> those are a problem, then it's a deal-breaker since we won't impose it 
> upon our users to "get the library on their own" as part of the 
> installation process.
> 
> Thanks in advance for any advice and insight into this issue.  We'd love 
> to move forward with this and even perhaps serve as an example to other 
> open source projects/games that involve some sort of runtime 
> registration system.  Thanks again.
> 
> Cheers!
> Sean
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 

-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu

More information about the Kerberos mailing list