Network Identity Manager	Heimdal		OpenSSL
All our development projects are open source and freely available for use. Please contribute to the development of Network Identity Manager and Heimdal by making a contribution.	Anonymous access to AFS	Subscribe to the Secure Endpoints journal	Open Source Kerberos Tooling

---

Secure Endpoints Inc. (a corporation registered in the State of New York, DUNS# 14-353-0660) provides expert consulting and software development services combining the use of secure open source authentication, data exchange, and communication software and the Microsoft Windows platform.  Secure Endpoints Inc. is a primary contributor to a number of Open Source Projects including Network Idenitty Manager, Heimdal Kerberos and OpenSSL.

---

Latest News:

• 2017-07-11: Critical multiplatform Kerberos bug: Orpheus' Lyre puts Kerberos to Sleep!

2017-07-11: Heimdal 7.4 released for Microsoft Windows. Includes fix for Orpheus' Lyre bug.

2017-07-11: Network Identity Manager Version 2.5.106 is available. Now built with Heimdal 7.4.

• 2015-02-25: OpenAFS client installers are now available from AuriStor, Inc.

2013-10-13 Heimdal compatible PuTTY SSH with GSS Key Exchange support released by Marcus Sundberg

• 2010-05-27: Open Source Kerberos Tooling site announced.

• Older News

---

Products:

• 

  ---

  is an implementation of Kerberos 5 (and some more stuff) originally developed in Sweden (which was important when the project started, less so now). It is freely available under a three-clause BSD style license.

  Secure Endpoints, Inc. ported Heimdal to the Microsoft Windows operating system platform as a replacement for MIT's Kerberos for Windows which had not been updated in several years.  The Secure Endpoints' Heimdal distribution consists of several components:

  • The core Heimdal libraries, implemented as a set of side-by-side assemblies
  • A set of Kerberos command-line tools including kinit, klist, kdestroy, ktutil, kadmin, kswitch, kvno, kdigest and others
  • A set of MIT Kerberos for Windows compatibility libraries which permit applications developed against MIT Kerberos for Windows to use Heimdal
  • A Microsoft LSA credential cache plug-in
  • A MIT Kerberos for Windows API cache plug-in

  Download digitally signed Heimdal installers.

  Please send bug reports and feature requests to heimdal@secure-endpoints.com.

• Network Identity Manager

  ---

  

  Secure Endpoints Inc. is the primary developer of Network Identity Manager (NetIdMgr).  It allows end users to manage multiple network identities from within a single easy to use interface.  Built upon the extensible Khimaira framework, NetIdMgr enables organizations to provide users with a single sign-on experience. A single Kerberos authentication can automatically derive credentials for a variety of other authentication mechanisms including AFS tokens and X.509 certificates.  NetIdMgr also provides users with automatic credential renewal.

  Network Identity Manager is distributed as the credential manager for MIT Kerberos for Windows. 

  Read the Network Identity Manager User Documentation (PDF) and the Khimara Developer Documentation (HTML) or (CHM).

  Organizations wishing to support the on-going development of Network Identity Manager are encouraged to contact Secure Endpoints Inc.  The road map contains a broad range of features and user interface improvements for which funding is required.

  Network Identity Manager Version 2.5.106 is now available as an update. Version 2.5 is built using the Heimdal 7.4 side-by-side assembly.

  AFS Token Provider

  

  Secure Endpoints Inc. has developed a plug-in supporting AFS token acquisition and renewal for multiple AFS cells from a single Kerberos v5 identity.  The plug-in is distributed as part of OpenAFS for Windows. 

  Kerberized Certificate Authority Provider

  

  Secure Endpoints Inc. is distributing a Kerberized Certificate Authority plug-in that can be used to automatically obtain X.509 client certificates when Kerberos v5 credentials are obtained or renewed.   Version 2.4.0 is available for download.   End-user documentation is also available.  The KCA plug-in is bundled with a PKCS#11 module that exports certificates from the Windows Certificate Store to applications such as Mozilla's Firefox and Thunderbird.

  • KCA Provider 2.4.0 (32-bit MSI)
  • KCA Provider 2.4.0 (64-bit MSI)
  • KCA Provider 2.4.0 source code (ZIP)

  The significant changes since version 2.0 include:

  • Support for 64-bit Network Identity Manager
  • Several memory leaks were plugged
  • Capable of storing private keys for certificates with longer Issuer names
  • Improved retry algorithm better adjusts for network packet loss
  • Notification Icon that shows the status of KX.509 Certificates [2.3]
  • Support for old University of Michigan KCA servers that do not include issuer KCA_REALM information in the issued certificates. [2.4]

• OpenAFS for Windows and OSX 

  ---

  

  Secure Endpoints Inc. was the primary developer of OpenAFS.org's OpenAFS for Windows product. AFS clients for Windows and OSX are now produced and distributed by AuriStor, Inc.

  Please contact AuriStor, Inc. for OpenAFS Support.
   

---

Other Open Source and Standards Participation:

• OpenSSL

  ---

  A contributor to OpenSSL since 1999 supporting the Microsoft Windows implementation and the Kerberos v5 cipher suite.

   

• Internet Engineering Task Force

  ---

  A participant in the development of Internet Standard protocols since 1999.
  

  • Kitten (Common Authentication Technologies: Next Generation)
  • Kerberos
  • PKIX (Public Key Infrastructure)
  • SASL (Simple Authentication and Security Layer)
  • TLS (Transport Layer Security)
  • Security Area Advisory Group
  • Security Directorate

• Kermit

  ---

  A contributor to C-Kermit (Unix, VMS, OS/2) since 1987 and primary author of Kermit 95 on Microsoft Windows since 1995.

• Project JXTA

  ---

  A community member since April 2001 and a member of the Project JXTA Board of Directors from October 2002 through February 2005.
   

---

Upcoming Presentations:

• None scheduled

---

Past Presentations:

• European AFS and Kerberos Conference 2011
  (October 4-7, 2011) at DESY, Hamburg, Germany
• AFS and Kerberos Best Practices Workshop (May 19-24, 2010) at University of Illinois at Urbana/Champaign
• AFS and Kerberos Best Practices Workshop (June 1-5, 2009) at Stanford University
• AFS and Kerberos Best Practices Workshop (May 19-23, 2008) at New Jersey Institute of Technology
  • Kerberos Tutorial, Tuesday May 20
  • Status of OpenAFS for Windows and Kerberos for Windows, Wednesday May 21
  • Customizing Windows Installers for OpenAFS for Windows and Kerberos for Windows, Thursday May 22
  • A Preview and Architectural Overview of the Native Windows OpenAFS Client, Friday May 23
  • OpenAFS Elders discussion of the road ahead, Friday May 23
  
   
HEPiX Fall 2007 - OpenAFS Status and Futures (November 6, 2007) (Slides)
 
• AFS and Kerberos Best Practices Workshop (May 7-11, 2007)
  • Kerberos Tutorial, Tuesday May 8 (Slides)
  • Status of OpenAFS for Windows (Slides) and Kerberos for Windows (Slides), Wednesday May 9
  • OpenAFS for Windows and Kerberos for Windows User Interface Futures (Slides), Thursday May 10
  • OpenAFS Road Map Discussion (Slides), Friday May 11
     
• ACM Reflections 2006 (October 20-22, 2006)
   
• Apple WWDC (August 7-11, 2006)
   
• AFS and Kerberos Best Practices Workshop (June 12-16, 2006)
  The third annual AFS & Kerberos Best Practices Workshop was held the University of Michigan. The workshop included two days of tutorials and three days of talks.
  • AFS & Kerberos Workshop OpenAFS Status Slides
  • Developing Plug-ins for Network Identity Manager
     
• NIST PKI'06 (Tuesday April 4, 2006) - "Integrating Public Key and Kerberos"
   
• AFS and Kerberos Best Practices (June 20-24, 2005)
  The second annual AFS & Kerberos Best Practices Workshop was held at Carnegie Mellon University. The workshop included two days of tutorials and three days of talks.
  
  • OpenAFS for Windows Update
  • MIT Kerberos for Windows Update
  • Khimaira: A Unified User-interface for AFS and Kerberos
  
  
• Apple WWDC (June 6-10 2005)
  Session 636 - Hands On: Network Authentication
  


• UNIGROUP of New York (April 21 2005)
  OpenAFS: An Open Source Wide-Area Distributed File System
  


• AFSig.se (December 2004)
  OpenAFS for Windows: One Year Later
  
  
• UNIGROUP of New York (May 2004)
  MIT Kerberos and Cross Platform Interoperability with Microsoft and Java
  
  
• AFS Best Practices Conference (March 2004)
  • Future Directions for the AFS Client on Windows
    
    
• Uninett (June 2003)
  Keynote Address
  Peer to Peer Networking. What is it? And why do we care?
  
  
• JavaOne 2002
  Project JXTA P2P Security: A Java(tm) technology-based, Virtual Transport Implementation of Transport Layer Security
  

---

Who are Secure Endpoints Inc.?:

•  Jeffrey Eric Altman, President/CEO
  

---