kerberized tcpserver
Jeffrey Hutzelman
jhutz at cmu.edu
Fri Oct 13 17:28:33 EDT 2006

On Friday, October 13, 2006 05:05:37 PM -0400 Wesley Chow
<wchow at athenacr.com> wrote:
>
> Is there a kerberized tcpserver or inetd program out there? What I'd
> like to do is kerberize an rsync file transfer session without having to
> go through ssh. It also seems like having such a program would be
> useful to kerberize any services that are already written with inetd or
> tcpserver in mind...

Kerberos only provides authentication and a shared secret. To properly
"kerberize" an application protocol, it has to protect its commands and
data from tampering by actually _doing_ something with that secret. There
are a number of tools out there, including ssh, remctl, and a variety of
TLS-based tools, which provide applications with an integrity-protected,
encrypted data channel and which can use Kerberos authentication. In most
cases, these require running the application in a particular way, which is
generally _not_ the same as what inetd does (accept a connection and pass
the TCP socket to the application).

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
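
Added example, not part of the original message or of any tool it names: a sketch of what "doing something with that secret" means for a command stream, where each record carries a sequence number and a MAC keyed with the shared secret, so altered or reordered records are rejected. The session key here is constructed random bytes standing in for the Kerberos session key, and the HMAC-SHA256 record format and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Frame one record: 8-byte sequence number, payload, MAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

def verify(key: bytes, expected_seq: int, record: bytes) -> bytes:
    """Return the payload; raise ValueError if altered or out of order."""
    if len(record) < 8 + TAG_LEN:
        raise ValueError("short record")
    header, payload, tag = record[:8], record[8:-TAG_LEN], record[-TAG_LEN:]
    good = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):  # constant-time comparison
        raise ValueError("integrity check failed")
    if struct.unpack(">Q", header)[0] != expected_seq:
        raise ValueError("unexpected sequence number")
    return payload

def receive_all(key: bytes, records) -> list:
    """Verify records in arrival order; the first bad record aborts."""
    return [verify(key, seq, rec) for seq, rec in enumerate(records)]

def demo() -> None:
    # Constructed stand-in for the secret both sides share after authentication.
    session_key = os.urandom(32)
    # Constructed sample commands, not a real protocol.
    commands = [b"open module=backup", b"send file=report.txt"]
    wire = [protect(session_key, i, c) for i, c in enumerate(commands)]
    print("clean ->", receive_all(session_key, wire))

    flipped = bytearray(wire[1])
    flipped[12] ^= 0x01  # one payload bit changed in transit
    cases = (("tampered", [wire[0], bytes(flipped)]),
             ("reordered", [wire[1], wire[0]]))
    for label, stream in cases:
        try:
            receive_all(session_key, stream)
        except ValueError as err:
            print(label, "->", err)

if __name__ == "__main__":
    demo()
```

A server that authenticates the peer and then hands the raw TCP socket to the application performs none of these checks on the data that follows. This sketch covers integrity and ordering only, not encryption.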