wchow at athenacr.com
Fri Oct 13 18:19:20 EDT 2006
Jeffrey Hutzelman wrote:
> Kerberos only provides authentication and a shared secret. To properly
> "kerberize" an application protocol, it has to protect its commands and
> data from tampering by actually _doing_ something with that secret.
> There are a number of tools out there, including ssh, remctl, and a
> variety of TLS-based tools, which provide applications with an
> integrity-protected, encrypted data channel and which can use Kerberos
> authentication. In most cases, these require running the application in
> a particular way, which is generally _not_ the same as what inetd does
> (accept a connection and pass the TCP socket to the application).
Ah, right, this wouldn't work, since anything connecting to a
"kerberized inetd" would have to know how to authenticate against the
More information about the Kerberos