distributed authentication (was: Re: Yet Another useful paper)

Christoph Kuenkel ckl at uwbln.UUCP
Tue Jan 10 04:24:19 AEST 1989


In article <920 at acer.stl.stc.co.uk>, dww at stl.stc.co.uk (David Wright) writes:
| In article <276 at gloom.UUCP> cory at gloom.UUCP (Cory Kempf) writes:
| #Let's see if I have this right... you are going to allow the
| #workstation that is sitting on my desk to convince another system that
| #I am me, right?
| #This workstation that will then lie for me if I ask it to? and tell
| #your system that I am you?  Or just about anybody else?
| #Really?
| 
| Yes, of course.   Why not?   Not without some help, and not with current 
| standard UNIX and rsh/rlogin/etc. programs, but it is possible.
| 
| Part of the help will have to be a trusted authentication server somewhere
| on the network.  Now your workstation - which knows your password (you just
| typed it in, remember?) - can persuade the authentication server that you are
| you.   [...]

We're just implementing such a scheme to support a distributed office
system.  But we in contrast decided not to introduce *one*
authentication server ``somewhere on the network'' since this would
cause the whole system to break down when the server (or its host)
crashes.  Rather we intend to set up one server per host and to have a
protocol between them which would result in a much more robust
system.

Is there anybody out there planning (or having implemented :-)
something like that and is interested in sharing experience?

christoph
-- 
# include <std/disclaimer.h>
Christoph Kuenkel/UniWare GmbH       Kantstr. 152, 1000 Berlin 12, West Germany
ck at tub.BITNET                ckl at uwbln             {unido,tmpmbx,tub}!uwbln!ckl



More information about the Comp.unix.wizards mailing list