gssftp and /usr/kerberos/bin/ftp
Ken Raeburn
raeburn at MIT.EDU
Mon Aug 20 12:07:47 EDT 2007
On Aug 20, 2007, at 10:19, Steven Miller wrote:
> Can anyone tell me, if using the Kerberos ftp client and gssftp,
> without having generated yourself a ticket using kinit, does your
> password get sent in clear text?
If you're responding to a password prompt in ftp because it had no
Kerberos credentials with which to authenticate you, yes, it's
sending that password in the clear.
> Also when using ftp with a ticket, I get two tickets from the host
> I ftp to. One from
>
> ftp/foo.bar.com
>
> and one from
>
> host/foo.bar.com
>
> I created both host/foo.bar.com and ftp/foo.bar.com, is it normal
> behavior to get both tickets?
If ftp/foo exists, ftp should use just that one. However, if
authentication fails for some reason, I think it may fall back to
trying host/foo. (It's supposed to use ftp/foo if that principal
exists, and host/foo only if ftp/foo doesn't exist, but the error
information passed back isn't detailed enough.)
If you've used ssh or rlogin to the host as well as ftp, that would
also explain your having both credentials.
Ken
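
Added example (not part of the original message or of the Kerberos distribution): a shell wrapper that refuses to start ftp when the credential cache holds no valid credentials, so that no password prompt gets answered in the clear, and a helper that reports whether ftp/HOST, host/HOST or both are in the cache. The function names, the KLIST and FTP variables and the sample klist output are constructed for illustration.

```shell
#!/bin/sh
# Assumptions: KLIST and FTP name the commands to run (overridable).
KLIST=${KLIST:-klist}
FTP=${FTP:-/usr/kerberos/bin/ftp}

# have_creds: succeed only if the cache is readable and not expired.
# `klist -s` prints nothing and reports through its exit status.
have_creds() {
    "$KLIST" -s 2>/dev/null
}

# safe_ftp HOST: start ftp only when credentials exist; without them the
# client falls back to a password prompt, and that password is sent in
# the clear.
safe_ftp() {
    if ! have_creds; then
        echo "no valid Kerberos credentials; run kinit first" >&2
        return 1
    fi
    "$FTP" "$1"
}

# service_tickets HOST: read `klist` output on stdin and print which of
# ftp/HOST and host/HOST are cached: both, ftp, host or none.
service_tickets() {
    awk -v h="$1" '
        { p = $NF; sub(/@.*/, "", p) }      # last column, realm removed
        p == ("ftp/" h)  { ftp = 1 }
        p == ("host/" h) { host = 1 }
        END {
            if (ftp && host) print "both"
            else if (ftp)    print "ftp"
            else if (host)   print "host"
            else             print "none"
        }'
}

# Constructed sample of `klist` output, for trying service_tickets offline.
sample_klist() {
    cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@BAR.COM

Valid starting     Expires            Service principal
08/20/07 10:00:00  08/20/07 20:00:00  krbtgt/BAR.COM@BAR.COM
08/20/07 10:05:00  08/20/07 20:00:00  ftp/foo.bar.com@BAR.COM
08/20/07 10:06:00  08/20/07 20:00:00  host/foo.bar.com@BAR.COM
EOF
}
```

Running `klist | service_tickets foo.bar.com` after an ftp session shows only which tickets are cached; "both" does not say whether host/foo came from an ftp fallback or from an earlier ssh or rlogin.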