Subject: Re: Status of Kerberos IV or 5
To: Chris Jones <cjones@honors.montana.edu>
From: Johan Danielsson <joda@pdc.kth.se>
List: current-users
Date: 01/24/1998 03:09:25
Chris Jones <cjones@honors.montana.edu> writes:

> If you don't have the time for this, and are willing to give me some
> technical advice, I'd be willing to work on it.  It'll take me
> a while, but I think I can get it done.

Since there isn't anyone maintaining X anymore, there isn't an easy
way to get other than free unices to adopt any changes you make.

For this reason you should consider scrapping the present scheme
altogether, and implement something that has better support for
integrity and confidentiality. This protocol could be implemented both
in the X-server, and in a separate proxy, to be used with old X
client/servers. This might be a lot of work but, depending on what
your aim is, it might be interesting to do.

You might start to look at what `kx' does (available as part of
ftp://ftp.pdc.kth.se/pub/krb/src/krb4-0.9.8.tar.gz).  It basically
works by mimicking an X-server on the client side, and an X-client on
the server end, passing the X-protocol encrypted. This works quite
well, unless you do things that generate lots of data. The only
things that actually break are stupid clients that think a display of
:17.0 means the server is local, and try to talk to it directly (via
some special magic); IRIX GL-apps are one example.

SSH also has some method to forward X connections (but I have never
used that).

(perhaps this should be taken off current-users; it doesn't have much
to do with NetBSD)

/Johan