NETWORK WORLD NEWSLETTER: DAVE KEARNS
on NOVELL NETWARE
06/07/01 - Today's focus: Bringing Kerberos to NetWare

Dear Wincenty Kaminski,

In this issue:

* University of Pittsburgh develops Kerberos authentication for
  NetWare
* Links related to Novell NetWare
* Featured reader resource

_______________________________________________________________
NetSmart- Your skill building destination

You've eyed your dream job. Do you have the latest skills to
get it?  Visit NetSmart - the premier source for IT Learning.
Register for the certification, training program, seminar or
boot camp to help you land the job of your dreams. Visit
http://nww1.com/go/2936451a.html today.
_______________________________________________________________
Today's focus: Bringing Kerberos to NetWare

By Dave Kearns

There has been a fair amount of talk recently about Kerberos
authentication. Kerberos is a network authentication protocol
that provides strong authentication for client/server
applications by using secret-key cryptography. A free
implementation of this protocol is available from the
Massachusetts Institute of Technology
(http://web.mit.edu/kerberos/www/).

Kerberos is also available in many commercial products. We keep
hearing it in reference to the authentication protocols used by
Windows 2000 and Active Directory (a "Redmondized" form of
Kerberos).

Lots of folks are also asking for some form of Kerberos
authentication for NetWare, either as part of Novell Directory
Services (NDS) eDirectory, or through the Novell Modular
Authentication Service, but as far as I know, no one at Novell
is working on this. However, there is a slight ray of hope.

The University of Pittsburgh is a major user of NetWare and NDS
eDirectory and also has quite a lot of Unix hosts installed. It
uses the Transarc Kerberos 4 authentication protocol to provide
access to the dial-up modem pool, the computing labs, Internet
Message Access Protocol e-mail, and the Timesharing systems.
Unfortunately, it also uses an antiquated process of passing
files around to create these Kerberos and Unix accounts.

Because the process that does this runs only once per day, it
could take up to 48 hours for a computer account to be fully
activated. Additionally, these files do not have a mechanism
for updating information after the account has been created. So
Pitt has created a project to automate this process, and has
decided that Novell's DirXML technology - using Novell
Directory Service's eDirectory as the core data store - is the
right tool.

Pitt is working with Novell Consulting on this project, but you
can follow its progress at http://www.technology.pitt.edu/itplan/cds2/

If you want to try your hand at creating a Kerberos driver for
DirXML, you can get a copy of Pitt's specification at
http://www.technology.pitt.edu/itplan/cds2/appendix.html
along with a copy of the Novell Developer Kit
http://developer.novell.com/ and do it yourself.

Check out the documentation http://developer.novell.com/ndk/dirxml.htm
for the DirXML Driver Kit first, though, just to be sure you understand
what you're getting into!

_______________________________________________________________
To contact Dave Kearns:

Dave Kearns is the Word Wrangler for Virtual Quill, a writing
agency serving the computer and networking industries. If
your target customer doesn't know your product, doesn't know
its uses and doesn't know he needs it, he's not going to buy
it. From books to reviews, marketing to manuals, VQ can help
you and your business. Virtual Quill - "words to sell by..."
Find out more at: http://www.vquill.com/, or by e-mail at
mailto:info@vquill.com.
_______________________________________________________________
RELATED EDITORIAL LINKS

Breaking Novell and NetWare news, updated daily:
http://www.nwfusion.com/news/financial/novell.html

Archive of the Novell NetWare newsletter:
http://www.nwfusion.com/newsletters/netware/index.html
______________________________________________________________
FEATURED READER RESOURCE

User Excellence Award

If you've completed an interesting network project in the last
12 to 18 months, here's your chance to gain industry
recognition for it. Network World is currently accepting
nominations for its annual User Excellence Award. For more
information and an online nomination form, go to
http://www.nwfusion.com/nw/awards.html#excellence
Deadline for submission is June 11.
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To unsubscribe from promotional e-mail go to:
http://www.nwwsubscribe.com/ep

To change your e-mail address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to
this message.

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Fusion Sales
Manager, at: mailto:jkalbach@nww.com

Copyright Network World, Inc., 2001

------------------------
This message was sent to:  vkamins@enron.com