kerberized tcpserver

Jeffrey Hutzelman jhutz at
Fri Oct 13 17:28:33 EDT 2006

On Friday, October 13, 2006 05:05:37 PM -0400 Wesley Chow 
<wchow at> wrote:

> Is there a kerberized tcpserver or inetd program out there?  What I'd
> like to do is kerberize an rsync file transfer session without having to
>  go through ssh.  It also seems like having such a program would be
> useful to kerberize any services that are already written with inetd or
> tcpserver in mind...

Kerberos only provides authentication and a shared secret.  To properly 
"kerberize" an application protocol, it has to protect its commands and 
data from tampering by actually _doing_ something with that secret.  There 
are a number of tools out there, including ssh, remctl, and a variety of 
TLS-based tools, which provide applications with an integrity-protected, 
encrypted data channel and which can use Kerberos authentication.  In most 
cases, these require running the application in a particular way, which is 
generally _not_ the same as what inetd does (accept a connection and pass 
the TCP socket to the application).

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

More information about the Kerberos mailing list