question about FTP and kerberos

Donn Cave donn at drizzle.com
Sun Mar 9 23:18:13 EST 2003


Quoth reading-FAQ at verizon.net:
| 	If I add a user to my W2K Domain controler,  and then they log in
| from outside my network, will the ftp files and password be encrypted?
|
| or should I stick to  SSH and sftp ?
|
| 	I think ???  I understand the network authentication part of
| kerberos, but does it also encrypt the password? I think not. help

No, it doesn't encrypt the password, but it doesn't transmit it in
clear text either.  Kerberos uses the password as [... stuff that
you have already read about ...]  The bottom line is that the password
is not only protected from network sniffing, it's even protected from
the service you're authenticating to.

Kerberos5 (a.k.a. GSSAPI) ftp supports data encryption also, if you
want.  But you need a Kerberos ftp, which I guess for Windows means
Kermit or WRQ Reflection, maybe others.

	Donn Cave, donn at drizzle.com


More information about the Kerberos mailing list