[1282] in Kerberos
Re: srvtab on client machines
daemon@ATHENA.MIT.EDU (Galina@shelby.Stanford.EDU)
Mon Mar 4 20:24:45 1991
Date: 1 Mar 91 22:31:11 GMT
From: Galina@shelby.Stanford.EDU
To: kerberos@shelby.Stanford.EDU
> >
> >
> > Date: Wed, 27 Feb 91 15:20:02 EST
> > From: "Galina Kofman" <GALINA@IBM.COM>
> >
> > So, how does Athena distribute srvtab files?
> >
> We send the files over encrypted somehow. There are many ways to do
> this, but here's one: This assumes that you have a version of rlogin
> which supports DES encryption of the data stream. You would then be
> able to use a program to encrypt the srvtab file (it would be OK to type
> the password over the net, since you would be logged into the Kerberos
> server over an encrypted channel). You could then FTP the encrypted
> srvtab file to the destination machine, walk over to the destination
> machine, and decrypt the srvtab file while being logged in directly to
> the desintation machine. The reason why you wouldn't be able to get an
> encrypted rlogin channel to the destination machine is that this
> requires a srvtab, and the destination machine wouldn't have one yet.
>
> - Ted
>
Sorry for the previous append. Ted, do you mean that each user has to come
do the database administrator and send srvtab file to her/his machine? Or
does database administraotr has to come to each user's machine to decrypt
srvtab?
Thank you.
Galina..
POST
Newsgroups: comp.protocols.kerberos
Subject: Re: srvtab on client machines
From: Galina
> >
> >
> > Date: Wed, 27 Feb 91 15:20:02 EST
> > From: "Galina Kofman" <GALINA@IBM.COM>
> >
> > So, how does Athena distribute srvtab files?
> >
> We send the files over encrypted somehow. There are many ways to do
> this, but here's one: This assumes that you have a version of rlogin
> which supports DES encryption of the data stream. You would then be
> able to use a program to encrypt the srvtab file (it would be OK to type
> the password over the net, since you would be logged into the Kerberos
> server over an encrypted channel). You could then FTP the encrypted
> srvtab file to the destination machine, walk over to the destination
> machine, and decrypt the srvtab file while being logged in directly to
> the desintation machine. The reason why you wouldn't be able to get an
> encrypted rlogin channel to the destination machine is that this
> requires a srvtab, and the destination machine wouldn't have one yet.
>
> - Ted
>
Sorry for the previous append. Ted, do you mean that each user has to come
do the database administrator and send srvtab file to her/his machine? Or
does database administraotr has to come to each user's machine to decrypt
srvtab?
Thank you.
Galina.
