| Title: | DECmcc user notes file. Does not replace IPMT. |
| Notice: | Use IPMT for problems. Newsletter location in note 6187 |
| Moderator: | TAEC::BEROUD |
| Created: | Mon Aug 21 1989 |
| Last Modified: | Wed Jun 04 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 6497 |
| Total number of notes: | 27359 |
What are current implementations doing to authenticate users and clients? My understanding is that we're just around the corner from having reliable "unspoofable" authentication services. But that they aren't at a point where I can IFT a product with them in 9 months. Because some of our products are in a position to control access to data, in particular data on removeable media, we're considering something based on a "shared secret" between users and the system and between clients and the servers. Are there implementations doing similar things, or is everybody waiting for DASS/Kerberos/DECdas? Thanks.
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 241.1 | TOOK::SWIST | Jim Swist LKG2-2/T2 DTN 226-7102 | Wed Aug 08 1990 12:56 | 14 | |
It is my impression that everyone is waiting around for
Kerberos/DASS/etc and taking the position that their product will
do nothing to make existing VMS/Ultrix security any worse in the
interim.
It is interesting to note that this is typically NOT the position taken
with respect to waiting for other corporate architectures. Usually
an interim solution is implemented with the understanding it will
migrate to the standard at some later point.
But everyone's afraid of being on the receiving end of a Computerworld
article like "DECmcc bug allows Iraqii hackers to penetrate DoD net..."
| |||||