[4193] in Kerberos
Re: Kerberos w/ one-time passwords?
daemon@ATHENA.MIT.EDU (Ted Lemon)
Tue Nov 15 12:55:25 1994
To: jgs@yurt.merit.edu (John Scudder)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "14 Nov 1994 20:04:42 GMT."
<3a8fsq$bk4@lastactionhero.rs.itd.umich.edu>
Date: Tue, 15 Nov 1994 09:25:53 -0800
From: Ted Lemon <mellon@ipd.wellsfargo.com>
> Since the machine I'm sitting at is not running Kerberos itself
> (imagine it's a vt100 connected to a modem dialed in to a terminal
> server telnetted to my workstation) the workstation (call it "the
> host") has to be where kinit is run. The telnet connetion is
> over an insecure medium.
Why not just run kinit on the terminal server? At least one vendor
has publicly stated on the Kerberos mailing list that they are working
on a K5 implementation. This doesn't protect you from eavesdropping
on the phone line, of course - if that's important to you, you should
run SLIP or PPP and throw out the VT100. It seems to me that this
would be cheaper than implementing the software to provide the
functionality that you're looking for - a Kerberos-capable PC with PPP
software would run you ~$1000 in quantity.
_MelloN_
--
Ted Lemon Wells Fargo Bank, Information Protection Division
mellon@ipd.wellsfargo.com +1 415 477 5045
