[755] in linux-security and linux-alert archive
Re: [linux-security] SSL
daemon@ATHENA.MIT.EDU (Squawk)
Thu Jun 6 13:45:36 1996
Date: Thu, 6 Jun 1996 11:45:17 -0400 (EDT)
From: Squawk <discodan@vampire.org>
To: Jordy <jordy@aloha.com>
cc: linux-security <linux-security@tarsier.cv.nrao.edu>
In-Reply-To: <Pine.BSI.3.91.960602231508.11273E-100000@aloha.com>
On Sun, 2 Jun 1996, Jordy wrote:
>
> I'm curious to know everyone's thoughts on the Secure Socket Layer
> implementations for Linux. At this time, they provide Authentication and
> integration with Keberos (if i read the SSLtelnet docs correctly) This
> seems like a plausable solution to secure intranets and for the rest of
> the internet community.
>
> One thing that seems to bother me is that in the telnet daemon, it won't
> ask for the login name if the client and daemon have authentication. I
> guess this is a "feature", it would be a lot nicer if it used the keys
> and the password with kerberos encryption. I think this would probably
> fix the problem of packet sniffing of the passwords while login.
I believe (though I could be wrong on this one) that kerberos has the
same "feature" which means when connecting across a kerberos network you
will never see a login. this makes it alot more convienient (alot like
.rhosts entries but more secure) but its mainly because the less times
you type a login/passwd the less times a sniffer can pick them up, even
if its encrypted.
-Dan