[4239] in Kerberos
Re: remote kpasswd
daemon@ATHENA.MIT.EDU (Brian Kantor)
Tue Nov 22 10:49:54 1994
Date: Tue, 22 Nov 1994 07:39:47 -0800
From: brian@nothing.ucsd.edu (Brian Kantor)
To: hobbit@asylum.sf.ca.us, mcguire@rocinante.digex.net
Cc: kerberos@MIT.EDU
Some terminal servers DO use encryption to talk to their security server
hosts, but most of those don't use very strong encryption because they want
to be able to sell them overseas. Also, most of them use a fixed key, so
they're vulnerable to attack. We solve the problem here by having the
terminal servers and their security server isolated on their own private
subnet - physical security again.
The real solution is to get kinit and kpasswd into the terminal server
itself.
- Brian
