home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
kermit.columbia.edu
/
kermit.columbia.edu.tar
/
kermit.columbia.edu
/
newsgroups
/
misc.19990422-19990725
/
000175_news@watsun.cc.columbia.edu _Fri Jun 18 17:48:39 1999.msg
< prev
next >
Wrap
Internet Message Format
|
1999-07-23
|
3KB
Return-Path: <news@watsun.cc.columbia.edu>
Received: from newsmaster.cc.columbia.edu (newsmaster.cc.columbia.edu [128.59.59.30])
by watsun.cc.columbia.edu (8.8.5/8.8.5) with ESMTP id RAA02625
for <kermit.misc@watsun.cc.columbia.edu>; Fri, 18 Jun 1999 17:48:38 -0400 (EDT)
Received: (from news@localhost)
by newsmaster.cc.columbia.edu (8.8.5/8.8.5) id RAA25233
for kermit.misc@watsun.cc.columbia.edu; Fri, 18 Jun 1999 17:40:01 -0400 (EDT)
X-Authentication-Warning: newsmaster.cc.columbia.edu: news set sender to <news> using -f
From: jaltman@watsun.cc.columbia.edu (Jeffrey Altman)
Subject: Re: Kermit NT host?
Date: 18 Jun 1999 21:40:01 GMT
Organization: Columbia University
Message-ID: <7keebh$ojh$1@newsmaster.cc.columbia.edu>
To: kermit.misc@watsun.cc.columbia.edu
In article <929731489.067.37@news.remarq.com>,
Tom Robinson <trobinson@gksys.starcon.kom> wrote:
: Kermit 95 Telnet Host has its own user authentication and user-level
: security. This must be done in Kermit because Win95 has no user-level
: security.
correct.
: On NT, the same Kermit 95 authentication and security is used.
: However, NT has decent security that could be used instead.
"decent security" is questionable. but yes, we could authenticate
against the local domain server.
: Is this possible, or planned, or already implemented elsewhere:
K95 1.1.18 already does support via TELNET AUTH NTLM the ability
to authenticate incoming and outgoing connections when both sides
are running on Microsoft platforms.
: Kermit NT running as a service.
: Authentication done against the NT user list, so no Kermit user/password
: list needed.
K95 is not a service. After C-kermit 7.0 (Unix IKSD) ships our next
priority is getting 1.1.18 out the door with the GUI environment.
Only after that will we consider (based upon user demand) developing
the IKSD for NT which would be able to authenticate against the
local DOMAIN. This can not be done in the Kermit script language.
: All subsequent activity takes place in a spawned processes running as the
: user ID the user has logged in as.
That is a problem because you do not want to use spawned processes if you
truly want a secure solution.
: This would enforce NT's file-level access security, which is much like UNIX
: security.
: It would also allow fairly safe Command Prompt access, because the user's
: commands would be restricted to those files they could access if logged in
: to the NT console as themselves, or if accessing files on the NT Server
: logged in as themselves.
:
: Basically, other than the telnetd part, Kermit could run just like on UNIX
: and let the OS take care of security.
Well, not exactly. Unlike Unix, when a process assumes the users
credentials (ie, su as the user) it does not get the user's environment.
Instead, it runs with the users credentials in the current environment
"whatever that happens to be". This is a complaint I have had with all
of the Telnet implementations for NT.
It does enforce file permissions but that is about it.
If this is a priority for you, please take it offline and contact
kermit-support@columbia.edu directly.
Thanks.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * kermit-support@kermit-project.org