Telnet Encryption

Wyllys Ingersoll wyllys.ingersoll at sun.com
Mon Oct 21 16:55:11 EDT 2002


John Dough wrote:
> System A: Unix machine
> 
> Device B: No SSH support, Supports Encrypted Kerberos telnet 
> connections, Auth via Radius and SecurID.
> 
> Requirement: Encrypt all traffic between System A and device B.  
> Authentication will be handled either by RADIUS or SecurID.
> 
> Out of curiosity, is it possible to NOT authenticate Kerberos sessions?  
> All I need from Kerberos is the ability to encrypt all telnet sessions 
> from System A to Device B.  It would be nice if this could be 
> implemented as "seamless" as possible.

I dont think this is possible.   One of the byproducts of the Kerberos
authentication is a session key, which is used as the encryption
key between the client and the server.   Kerberos authentication
provides a secure way for the 2 sides to exchange these keys,
I'm not sure that RADIUS or SecureID authentication can
offer that ability.

-Wyllys







More information about the Kerberos mailing list