[3168] in Kerberos
Re: Kerberized FTP
daemon@ATHENA.MIT.EDU (Roland Schemers)
Sun Apr 24 17:41:44 1994
To: kerberos@MIT.EDU
Date: 24 Apr 1994 20:36:26 GMT
From: schemers@leland.Stanford.EDU (Roland Schemers)
In article <WALRUS.94Apr24155830@enchanter.ifs.umich.edu>,
michael shiplett <michael.shiplett@umich.edu> wrote:
>
> Now that kerberos works, I guess it's time to modify ftpd to get an
>AFS token.
>
How were you planning on doing that? I've messed around a little with
the kerberized ftp/ftpd and added a simple "site klog" command. I modified
the kerberized ftp client and added a "klog" command, which prompts you
for your password. The client also warns you if you are not running
in "private" (commands/data encrypted) mode. The client then sends
your AFS password over the encrypted channel.
More elaborate methods could send an existing token (base64 encoded) over the
data channel, or ftpd could request an AFS kerberos ticket for you, send it
to the client, the client could decrypt the ticket and/or turn it into a token
and send it back to the server (all over an encrypted channel of course).
Sending an existing token over would be nice because you wouldn't have to type
your password if you had a token. It does put more smarts in the client
where the simple "site klog passwd" adds less. Maybe both are needed.
Roland
--
Roland J. Schemers III | Networking Systems
Authentication Services Programmer | 414 Sweet Hall +1 (415) 723-6740
Distributed Computing Operations | Stanford, CA 94305-3090
Stanford University | schemers@Slapshot.Stanford.EDU