Subject: Re: Status of Kerberos IV or 5
To: Chris Jones <cjones@honors.montana.edu>
From: Johan Danielsson <joda@pdc.kth.se>
List: current-users
Date: 01/22/1998 20:38:22
Chris Jones <cjones@honors.montana.edu> writes:
> I also remember corresponding with somebody who said he had a set of
> patches for the X server and xhost. That would just be the cat's
> meow, but it seems like there was some major logistical problem with
> it. I *think* the problem was that the patch was written for
> krb5-1.0beta6, and the API changed from that release to krb5-1.0 and
> its successors.
X11R6 has always had some kind of support for using Kerberos 5 as an
authentication mechanism. I don't know if it ever worked, but even if
it did, it doesn't look like that part of the code has been touched
since R6.1. This could be fixed, but will not really solve any
security issues with X. For that you need some kind of integrity
protection. Still it would be better than using cookies.
/Johan