Bringing Kerberos to NetWare
 
|
|||
 | |||
|
Sign up to receive this and other networking newsletters in your inbox.
There has been a fair amount of talk recently about Kerberos authentication. Kerberos is a network authentication protocol that provides strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology (web.mit.edu/kerberos/www/).
Kerberos is also available in many commercial products. We keep hearing it in reference to the authentication protocols used by Windows 2000 and Active Directory (a " Redmondized " form of Kerberos).
Lots of folks are also asking for some form of Kerberos authentication for NetWare, either as part of Novell Directory Services (NDS) eDirectory, or through the Novell Modular Authentication Service, but as far as I know, no one at Novell is working on this. However, there is a slight ray of hope.
The University of Pittsburgh is a major user of NetWare and NDS eDirectory and also has quite a lot of Unix hosts installed. It uses the Transarc Kerberos 4 authentication protocol to provide access to the dial-up modem pool, the computing labs, Internet Message Access Protocol e-mail, and the Timesharing systems. Unfortunately, it also uses an antiquated process of passing files around to create these Kerberos and Unix accounts.
Because the process that does this runs only once per day, it could take up to 48 hours for a computer account to be fully activated. Additionally, these files do not have a mechanism for updating information after the account has been created. So Pitt has created a project to automate this process, and has decided that Novell's DirXML technology - using Novell Directory Service's eDirectory as the core data store - is the right tool.
Pitt is working with Novell Consulting on this project, but you can follow its progress at www.technology.pitt.edu/itplan/cds2/
If you want to try your hand at creating a Kerberos driver for DirXML, you can get a copy of Pitt's specification at www.technology.pitt.edu/itplan/cds2/appendix.html along with a copy of the Novell Developer Kit developer.novell.com/ and do it yourself.
Check out the documentation developer.novell.com/ndk/dirxml.htm for the DirXML Driver Kit first, though, just to be sure you understand what you're getting into!
RELATED LINKS
Dave Kearns is a writer and consultant in Silicon Valley. His most recent book is "Peter Norton's Complete Guide to Networks" published by SAMS. Dave's company, Virtual Quill, provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more at Virtual Quill or by e-mail at info@vquill.com
NetWare archive
Past newsletters.
