[6238] in Kerberos


Re: pc encrypted kerberized telnet report

daemon@ATHENA.MIT.EDU (Howard Chu)
Thu Nov 16 05:12:35 1995

To: kerberos@MIT.EDU
Date: 16 Nov 1995 01:43:49 -0800
From: hyc@troy.la.locus.com (Howard Chu)

In article <adriene.874.000A722F@maspo2.mas.yale.edu>,
ALN <adriene@maspo2.mas.yale.edu> wrote:
>A while back I asked if anyone had a kerberized telnet client that would also 
>encrypt for a pc.  A few people responded to me that they were also interested 
>so I thought I should post my findings back to the net.

>After posting a message asking for kerberized encrypted telnet, I got 
>responses from TGV software (Multinet for windows) and WRQ (Reflections)

>TGV software had a very nice winsock compliant kerberos v 4 client that worked 
>fine with all my testing. I was even using a generic "trumpet winsock" and not 
>their kernel.  Their technical support was excellent.  However their telnet 
>application does not do encryption and therefore I can not use it for the 
>project I am working on because I need k4 authentication and encryption for a 
>confidential patient data system.  
...
>If anyone can point me to an encrypting telnet application which is winsock 
>compliant I think I can use the TGV kerberos with it.  

The current MIT Kerberos source code includes a Windows telnet application.
It's totally bare-bones, but it includes both Kerberos 4 and 5 authentication
and encryption. Unfortunately, it's very far from a "plug'n'play" package;
the wintel source code is in the Kerberos 5 beta 5 distribution, which also
includes kerberos 4 library source, but it takes a fair bit of configuring
before you can get the Kerberos 4 library source properly built. Also, the
K4 library code that's included in the K5 distribution doesn't include the
kstream routines, which are used to encrypt the telnet session. To get those,
you have to dig them out of the older Kerberos 4 distribution. Definitely
a lot of tedium here, but doable for a sufficiently motivated hacker.

>It sickens me to think the mac ncsa kerberized encrypting telnet has been 
>working in this scenario for some time and no one has ported this to the pc 
>platform. Any developers out there listening?

Listening, yes. Willing to act, I dunno. It's interesting to me personally,
but not to my company. As far as products go, we have to develop code that
explicitly disallows access to its encryption functions, to satisfy our
export license. 
-- 
Howard Chu				Principal Member of Technical Staff
hyc@locus.com				Locus Computing Corporation
