On 15 Jan 1999, Anil B. Somayaji wrote:

> I was thinking of running a kerberized coda setup.  We're currently
> running NFS in our department, so it isn't as if things are really
> secure at the moment; however, it would be nice to set things up to do
> real authentication.  Is anyone else doing this?  Should I bother?
> (We already have a kerberos server set up in our department (I'm not
> sure which version), with its only duty being to authorize ppp access.
> It would be nice if it could be used to do something more
> substantial.)

Anil,

I'll leave someone else to answer the rest of the questions, but since I
am responsible for the first iteration on Kerberos code, I'll answer
yours.  Adding kerberos support consists of downloading a file and adding
a define somewhere.  However, you should know that Coda currently supports
only trivial (XOR) encryption, and doesn't even use that very often.  It
also does not support integrity checking.  As such, it looks a lot like
traditional NFS security (currently).  I am in the process of finishing up
enhanced security code (strong encryption, integrity checking using
hashes, etc).  Kerberos will provide you with the single password
arrangement as it doesn't require anything but tickets to acquire tokens,
but it won't improve security any until the security code becomes
available in the next Coda release.

  Robert N Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/