Keywords: Kerberos, Trusted Hosts, Food for Thought
Sender: deal@tempus (Stephen M. Deal)
Reply-To: deal@Kodak.COM
Organization: Eastman Kodak Company
Distribution: na
Date: Fri, 20 Nov 92 03:23:45 GMT
Lines: 24
One major implication of distributed processing (of which C/S is but one manifestation) is that of authentication.
Example: I have a Benefits database for a company of 100k employees. How can I enable each employee to review their benefits without giving each employee an account on the server machine?
How do you authorize a client? Can you even trust a client? Perhaps those clients executing on a node that has password protection (e.g. UNIX, VAX/VMS) can be trusted, but what about single-tasking nodes that run a Disk Operating System (a.k.a. DOS)?
Will a user on an untrustworthy client have to log in to every server to which they make a request? :-(
Kerberos (from MIT's Project Athena) provides a glimmer of hope but I have not seen any C/S vendor embrace this approach.
Has anyone given much thought to client authentication on PCs and Macs? Does anyone have any thoughts on how a server (DB or otherwise) would handle such a mechanism?