>>>> Is there a "better" NIS [...] >>> I'd be interested in hearing about any such. >> OSF DCE might do a lot of what is wanted. > >Perhaps. Where can I find it? Only the source for the RPC part is out in public. Check outh http://web1.osf.org:8001/dce/index.htm. There is a link there that points to a typical worthless press release about it. Do an archie search on DCE and you should find the source. The rest of it you will have to pay for. Don't know where the rest of the world is heading, but HP includes the client part of DCE for free with HPUX 10.0. >> I have the feeling that things might be about to take off on the DCE >> scene. With IBM, HP and Digital backing OSF, it most certainly have >> the potential. > >This is a disrecommendation IMO. I'm looking for something with >technical merit, which in my experience usually correlates negatively >with lots of corporate backing, especially lots of corporate backing >before adoption by the community. Yes, In case of DCE it has without doubt already lead to some negative things. It eats 90MB of disk space, a lot of memory (both for a complete server setup, the client parts ar smaller), but still, it leads to products that is included with systems, and which is thus supported by other commerical applications and is used even by sys admins which don't play around much wich third party software. > >> The RFC that is out on DCE 1.2 > >What number? I didn't find "DCE" in the RFC index, and you don't >expand the acronym so I can't search for the expansion.... Ugh.. sorry, probably not in the normal RFC indexes either :-/ http://info.pilgrim.umass.edu/pub/osf_dce/RFC/rfc63.0.txt has an overview of DCE 1.2. At least the say they will make improvments in several important areas. How improved it will be, is of course a totally different matter... http://info.pilgrim.umass.edu/pub/osf_dce/RFC/rfc-index.htm has a list of DCE RFC's > >> [T]he security services in DCE is based on Kerberos 5 and more or >> less all additional services does Kerberos 5 authentication. > >Non-exportable? Sigh. No and yes. The kerberos 5 authentication is allowed to be exported (otherwise, I wouldn't had it here in Norway). Hoewever, some parts of the security system is not allowed to be exported. DCE 1.2 might help with support for multiple encryption types and public key. If just someone will make a plug in module to be used outside of US. Terje Marthinussen terjem@staff.cs.uit.no