On Wed, 2005-07-06 at 09:31 +0600, Ilia Chipitsine wrote: > > As a relative newcomer to the kerberos world, I'm wondering what the > > future of tools like kerberised telnet, rsh, ftp and the like is. It > > seems from my viewpoint that OpenSSH (with the gssapi mode) and things > > like pam_krb5 have taken over from these tools. > > when using kerberised telnet, there's no clear text password exchange. > telnet requests a key from kerberos server and that communication is > encrypted. > > as for pam_krb5, there's clear text password exchange between telnet and > server, only server<-->kerberos connection is encrypted. > > so, I wouldn't consider telnet+pam_krb5 as replacement for kerberised > telnet. Indeed, I was referring to kerberised 'login' as being superseded by PAM and pam_krb5, in particular on Linux systems. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This is a digitally signed message part