Article Title	 	: Kerberos and Security
Creation Date		: 09/28/95
Message ID		: CGLNHQ
Last Update		: 
Expiration Rules	: unknown
Location		: NCD-Articles/NCDware
=================================================================


NCD agrees completely with the following statement on security:

    "Vendors supplying X terminals should be working towards implementing
    the strongest X security standards."

As of NCDware release 3.2, NCD has implemented the following security
standards as defined by the X Consortium:

    MIT-MAGIC-COOKIE-1		These standards address access control
    XDM-AUTHENTICATION-1	and user authorization.
    XDM-AUTHORIZATION-1

    The NCDware release 3.2 also includes XDM binaries for some hosts which
    do not support the XDM security options properly.

Below are some examples of how NCD has worked within the context of standards
to provide stronger X terminal security measures:

    For customers in the USA and international customers with a
    proper export license, NCD offers a special version of the
    local terminal emulator, NCDterm, which uses DES encryption
    for all Telnet traffic between the terminal and the host.

    The system administrator may disable users' access to any of the
    NCDware Console activities--selectively lock each item by password.

    For higher security, NCD offers the Security Keyboard option.  This
    keyboard is used to access boot PROM and setup information for an
    NCD unit.  Access to the terminal is disabled for all users except the
    system administrator using the special Security Keyboard.

    Lock Screen local client to keep unauthorized users from accessing the
    X terminal while the user is not present.

NCD has been actively exploring stronger security options such as Kerberos
and compartmented mode workstations (CMW's) for networked display devices.
With regards to Kerberos, NCD can benefit from the authentication support
provided by the ticket-based system.  However, implementation will be
difficult until the majority of UNIX system vendors supply interoperable
Kerberos products.  Kerberos support requires changes to the UNIX operating
system at low levels such as the file system.  NCD continues to track
Kerberos developments.

Where possible, NCD will implement common standards. Where necessary, NCD will
work within the context of standards to provide stronger security measures.