Future of kerberised telnet, login, rsh, ftp?
Andrew Bartlett
abartlet at samba.org
Tue Jul 5 23:44:39 EDT 2005
On Wed, 2005-07-06 at 09:31 +0600, Ilia Chipitsine wrote:
> > As a relative newcomer to the kerberos world, I'm wondering what the
> > future of tools like kerberised telnet, rsh, ftp and the like is. It
> > seems from my viewpoint that OpenSSH (with the gssapi mode) and things
> > like pam_krb5 have taken over from these tools.
>
> when using kerberised telnet, there's no clear text password exchange.
> telnet requests a key from kerberos server and that communication is
> encrypted.
>
> as for pam_krb5, there's clear text password exchange between telnet and
> server, only server<-->kerberos connection is encrypted.
>
> so, I wouldn't consider telnet+pam_krb5 as replacement for kerberised
> telnet.
Indeed, I was referring to kerberised 'login' as being superseded by PAM
and pam_krb5, in particular on Linux systems.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20050706/d6ddb13b/attachment.bin
More information about the krbdev
mailing list