[4332] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: request for commentary on krb IV server mod

daemon@ATHENA.MIT.EDU (Roland J. Schemers III)
Tue Dec 13 13:06:22 1994

From: "Roland J. Schemers III" <schemers@slapshot.Stanford.EDU>
Date: Tue, 13 Dec 1994 09:43:49 -0800
In-Reply-To: john@iastate.edu (John Hascall)
        "Re: request for commentary on krb IV server mod" (Dec 13,  3:36pm)
To: john@iastate.edu (John Hascall), kerberos@MIT.EDU

On Dec 13,  3:36pm, John Hascall wrote:
> Subject: Re: request for commentary on krb IV server mod
>
>    The presumed benefit to TGT-forwarding for telnet is that
>    you need not type your password across an unsecure net-connection.
>    However, if you've disabled the address checking, and just sent
>    a TGT across the wire, haven't you just given the snooper something
>    just about as good as a cleartext password?

You just encrypt the tgt before sending it.

Roland


-- 
Roland J. Schemers III              | 414 Sweet Hall  +1 (415) 723-6740 
Principal System Software Developer | Stanford, CA 94305-3090 
Distributed Computing Operations    | schemers@Slapshot.Stanford.EDU 
Stanford University                 | http://www-leland.stanford.edu/~schemers/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[4332] in Kerberos

Re: request for commentary on krb IV server mod

daemon@ATHENA.MIT.EDU (Roland J. Schemers III)Tue Dec 13 13:06:22 1994

daemon@ATHENA.MIT.EDU (Roland J. Schemers III)
Tue Dec 13 13:06:22 1994