kerberized tcpserver

Wesley Chow wchow at athenacr.com
Fri Oct 13 18:19:20 EDT 2006




Jeffrey Hutzelman wrote:
> 
> 
> Kerberos only provides authentication and a shared secret.  To properly
> "kerberize" an application protocol, it has to protect its commands and
> data from tampering by actually _doing_ something with that secret. 
> There are a number of tools out there, including ssh, remctl, and a
> variety of TLS-based tools, which provide applications with an
> integrity-protected, encrypted data channel and which can use Kerberos
> authentication.  In most cases, these require running the application in
> a particular way, which is generally _not_ the same as what inetd does
> (accept a connection and pass the TCP socket to the application).


Ah, right, this wouldn't work, since anything connecting to a
"kerberized inetd" would have to know how to authenticate against the
inetd anyway.


Thanks,
Wes
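An added illustration of the point in the quoted text, not code from either poster or from any Kerberos implementation: authenticating at connect time does nothing for later commands unless each message is bound to the shared secret. The `Channel` class, the frame layout and the use of HMAC-SHA256 are assumptions made for this sketch, the key is random bytes standing in for a Kerberos session key, and only integrity and replay detection are shown, not encryption.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32   # HMAC-SHA256 output size
HDR_LEN = 12   # 8-byte sequence number + 4-byte payload length

class Channel:
    """One direction of a message stream protected with a shared session key."""
    def __init__(self, session_key: bytes, direction: bytes):
        # Derive a per-direction key so a frame cannot be reflected to its sender.
        self.key = hmac.new(session_key, b"integrity|" + direction, hashlib.sha256).digest()
        self.seq = 0

    def protect(self, payload: bytes) -> bytes:
        header = struct.pack("!QI", self.seq, len(payload))
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        self.seq += 1
        return header + payload + tag

    def verify(self, frame: bytes) -> bytes:
        if len(frame) < HDR_LEN + TAG_LEN:
            raise ValueError("short frame")
        signed, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("integrity check failed")
        seq, length = struct.unpack("!QI", signed[:HDR_LEN])
        if length != len(signed) - HDR_LEN:
            raise ValueError("length mismatch")
        if seq != self.seq:                          # each frame is accepted once, in order
            raise ValueError("replayed or reordered frame")
        self.seq += 1
        return signed[HDR_LEN:]

def demo() -> list:
    key = os.urandom(32)  # constructed stand-in for the Kerberos session key
    client, server = Channel(key, b"c2s"), Channel(key, b"c2s")
    first = client.protect(b"LIST /home/wes")        # constructed sample commands
    results = [server.verify(first).decode()]
    tampered = bytearray(client.protect(b"SHOW /tmp/a"))
    tampered[HDR_LEN] ^= 0x01                        # one bit changed in transit
    for frame in (bytes(tampered), first):           # modified frame, then a replay
        try:
            server.verify(frame)
        except ValueError as err:
            results.append(str(err))
    return results
```

Calling `demo()` returns the accepted command followed by the two rejection reasons, one for the modified frame and one for the replayed frame.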



