Kerberos questions
James Reynolds
james at scl.utah.edu
Fri Jul 11 16:26:13 EDT 2003
During the recent Mac OS X Labs Webcast on security, these questions
came up. I listed my answers below. Do you mind looking them over
to make sure they are acurate?
--
Thanks,
James Reynolds
University of Utah
Student Computing Labs
james at scl.utah.edu
801-585-9811
--------------------------------------------------------------------------------
Q. Is Kerberos supported in Mac OS X client, or Server only?
A. Kerberos is supported in Mac OS X client.
Q. Are there any plans to work with CUPS to incorporate kerberized
authentication into CUPS (the present solution involves a klpr
backend talking to a kerberized LPRng print server)?
A. I believe Panther will have this functionality (but not sure).
Q. It sounds like the Apple Password Server is more secure than
Kerberos, because the password is not passed over the network. So
Kerberos is not the best choice? Please elaborate.
A. That is not correct. Kerberos does not send the clear text
password over the network either. In fact, Apple is embracing
Keberos in Mac OS X 10.3 by integrating it even more in the client
and server OS.
More information about the krbdev
mailing list