Kerberos Outside the US?

← Back to Stories (view on slashdot.org)

Posted by Cliff on Saturday January 15, 2000 @10:05PM from the encryption-for-the-masses dept.

v1z asks: "I'm administrating a small LAN with semi-public terminals and have been trying to locate a usable version of kerberos, that is available for use in Norway (ie outside the US). I've been looking for the bones, and e-bones package without success, and I'm wondering what I've missed? Is there no working kerberos.v5-like system available outside the US? Kerberos is appealing because it uses secret-key cryptocraphy within a good design, simplifying and removing many concerns with asymetric encryption, and because most ppl more easyily grasp the security-issues involved. On a side note: windows 2000 is said to incorporate kerberos.v5 - how does this relate to US-export-regualtions?"

3 of 65 comments (clear)

Min score:

Reason:

Sort:

Win2k security by the+way · 2000-01-15 19:19 · Score: 4

Windows 2000 128 bit security can be downloaded from the WindowsUpdate web site, which is linked directly from the start menu (I'd provide a URL, but you can't see the site without using Win2k or forging your HTTP headers). It is restricted to US downloads. AFAIK, the same security is available in export copies at the 40 bit (or 56 bit?) level.

Of course, you can download the 128 bit version by just going through a US based proxy, but I don't know whether the resultant code would be legally usable in Norway. (I mention this only for completeness, and don't in anyway recommend or sanction that approach).

BTW, Win2k VPN security seems pretty good now--the old broken PPTP protocols have been completely replaced, as far as I can tell. Mind you, I'm sure Schneir (sp?) will find a way to break it within a couple of days of official release! (It is MS Encryption, after all...)
Re:Kerberos by jeroenb · 2000-01-15 17:47 · Score: 4

OpenBSD Kerberos(1):
The Kerberos system authenticates individual users in a network environment. After authenticating yourself to Kerberos, you can use network utilities such as rlogin, rcp, and rsh without having to present passwords to remote hosts and without having to bother with .rhosts files. Note that these utilities will work without passwords only if the remote machines you deal with support the Kerberos system.
For more, read it online at http://www.openbsd.org/cgi-bi n/man.cgi?query=kerberos.
eBones by Detritus · 2000-01-15 17:31 · Score: 5

FreeBSD has a version of Kerberos that is available outside the US. From the FreeBSD 3.3 release notes:
The latest versions of export-restricted code for FreeBSD (2.0C or later) (eBones and secure) are also being made available at the following locations. If you are outside the U.S. or Canada, please get secure (DES) and eBones (Kerberos) from one of the following foreign distribution sites:
South Africa
ftp://ftp.internat.FreeBSD.ORG/pub/FreeBSD
ftp://ftp2.internat.FreeBSD.ORG/pub/FreeBSD
Brazil
ftp://ftp.br.FreeBSD.ORG/pub/FreeBSD

Finland
ftp://nic.funet.fi/pub/unix/FreeBSD/eurocrypt

--
Mea navis aericumbens anguillis abundat