Message-ID: <725680.1075858446930.JavaMail.evans@thyme> Date: Thu, 7 Jun 2001 13:20:01 -0700 (PDT) From: novellnetware@bdcimail.com To: kamins@enron.com Subject: Bringing Kerberos to NetWare Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-From: NW on Novell NetWare @ENRON X-To: kamins@enron.com X-cc: X-bcc: X-Folder: \Vince_Kaminski_Jun2001_10\Deleted Items X-Origin: Kaminski-V X-FileName: vkamins.pst NETWORK WORLD NEWSLETTER: DAVE KEARNS on NOVELL NETWARE 06/07/01 - Today's focus: Bringing Kerberos to NetWare Dear Wincenty Kaminski, In this issue: * University of Pittsburgh develops Kerberos authentication for NetWare * Links related to Novell NetWare * Featured reader resource _______________________________________________________________ NetSmart- Your skill building destination You've eyed your dream job. Do you have the latest skills to get it? Visit NetSmart - the premier source for IT Learning. Register for the certification, training program, seminar or boot camp to help you land the job of your dreams. Visit http://nww1.com/go/2936451a.html today. _______________________________________________________________ Today's focus: Bringing Kerberos to NetWare By Dave Kearns There has been a fair amount of talk recently about Kerberos authentication. Kerberos is a network authentication protocol that provides strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology (http://web.mit.edu/kerberos/www/). Kerberos is also available in many commercial products. We keep hearing it in reference to the authentication protocols used by Windows 2000 and Active Directory (a "Redmondized" form of Kerberos). Lots of folks are also asking for some form of Kerberos authentication for NetWare, either as part of Novell Directory Services (NDS) eDirectory, or through the Novell Modular Authentication Service, but as far as I know, no one at Novell is working on this. However, there is a slight ray of hope. The University of Pittsburgh is a major user of NetWare and NDS eDirectory and also has quite a lot of Unix hosts installed. It uses the Transarc Kerberos 4 authentication protocol to provide access to the dial-up modem pool, the computing labs, Internet Message Access Protocol e-mail, and the Timesharing systems. Unfortunately, it also uses an antiquated process of passing files around to create these Kerberos and Unix accounts. Because the process that does this runs only once per day, it could take up to 48 hours for a computer account to be fully activated. Additionally, these files do not have a mechanism for updating information after the account has been created. So Pitt has created a project to automate this process, and has decided that Novell's DirXML technology - using Novell Directory Service's eDirectory as the core data store - is the right tool. Pitt is working with Novell Consulting on this project, but you can follow its progress at http://www.technology.pitt.edu/itplan/cds2/ If you want to try your hand at creating a Kerberos driver for DirXML, you can get a copy of Pitt's specification at http://www.technology.pitt.edu/itplan/cds2/appendix.html along with a copy of the Novell Developer Kit http://developer.novell.com/ and do it yourself. Check out the documentation http://developer.novell.com/ndk/dirxml.htm for the DirXML Driver Kit first, though, just to be sure you understand what you're getting into! _______________________________________________________________ To contact Dave Kearns: Dave Kearns is the Word Wrangler for Virtual Quill, a writing agency serving the computer and networking industries. If your target customer doesn't know your product, doesn't know its uses and doesn't know he needs it, he's not going to buy it. From books to reviews, marketing to manuals, VQ can help you and your business. Virtual Quill - "words to sell by..." Find out more at: http://www.vquill.com/, or by e-mail at mailto:info@vquill.com. _______________________________________________________________ RELATED EDITORIAL LINKS Breaking Novell and NetWare news, updated daily: http://www.nwfusion.com/news/financial/novell.html Archive of the Novell NetWare newsletter: http://www.nwfusion.com/newsletters/netware/index.html ______________________________________________________________ FEATURED READER RESOURCE User Excellence Award If you've completed an interesting network project in the last 12 to 18 months, here's your chance to gain industry recognition for it. Network World is currently accepting nominations for its annual User Excellence Award. For more information and an online nomination form, go to http://www.nwfusion.com/nw/awards.html#excellence Deadline for submission is June 11. _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp To unsubscribe from promotional e-mail go to: http://www.nwwsubscribe.com/ep To change your e-mail address, go to: http://www.nwwsubscribe.com/news/scripts/changeemail.asp Subscription questions? Contact Customer Service by replying to this message. Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: mailto:jcaruso@nww.com For advertising information, write Jamie Kalbach, Fusion Sales Manager, at: mailto:jkalbach@nww.com Copyright Network World, Inc., 2001 ------------------------ This message was sent to: vkamins@enron.com