[76] in linux-security and linux-alert archive
Re: Shadow discussions ... don't forget skey
daemon@ATHENA.MIT.EDU (Tom Dunigan 576-2522)
Thu Mar 9 14:07:27 1995
Date: Thu, 9 Mar 1995 08:16:09 -0500
From: Tom Dunigan 576-2522 <dunigan@thdsun.epm.ornl.gov>
To: linux-security@tarsier.cv.nrao.edu
Cc: tytso@MIT.EDU
Reply-To: linux-security@tarsier.cv.nrao.edu
[mod: quoting trimmed --okir]
>
>These credentials can then be used by a Kerberized telnet (or rlogin)
>client to securely login to a remote machine without ever needing to
>type your password over the network.
>
NOT.
The assumption was logins from "remote" (uncontrolled and un-kerberized)
sites. Say you want to login in to your Kerberized client from
the floor of Interop or from a terminal server (or from a computer
at a location without Kerberos), your password will go in clear
text over the net .... bad news.
Talk to Jeff Schiller (jis@mit.edu) about his solution that combines
skey and Kerberos, making a clever use of Public Key in the process.
