Project Athena

j.lee jlee at sobeco.com
Tue May 14 23:10:56 AEST 1991


In <%M_*_#*@ads.com> henry at ADS.COM (Henry Mensch) writes:

>there is nothing of value (i.e., user data, service provision) on an
>workstation in an Athena-style environment.  this concept is that of
>the dataless workstation; in this model, your workstation is like a
>public telephone: you authenticate to it (with your Kerberos private
>key/"password" for the workstation; with your calling card or other
>payment method to the public telephone), and you use it.  there's
>nothing on the phone which guarantees you privileged access to any
>other phone user's data on the network, and the same goes for the
>Athena workstation.  

I have read several of the Kerberos papers, but two questions remain:

(1) Sure, the central servers don't have to trust my workstation, but
I (as an end-user) do.  How can I be sure that when I walk up to a
workstation with a login prompt that I can trust the "login" code?
Workstations are NOT like telephones in that they are smart devices
and can easily be reprogrammed.

(2) End-users authenticate themselves by typing in a password.  How
do servers authenticate themselves?  Is the service password compiled
into the binary, and if so, how do you protect both the binary and the
source?

>you can educate yourself; there are papers available which describe the
>various Athena network services ... FTP to ATHENA-DIST.MIT.EDU ...
>look in the pub directory.

If the answers to these questions really are in the papers, feel free
to tell me so.  However, the last time I looked into Kerberos, these
issues were not covered in the papers I read.

Jeff Lee 	jlee at sobeco.com || jonah at cs.toronto.edu



More information about the Comp.unix.admin mailing list