[7103] in Kerberos
Re: Dial-In Servers and Kerberos
daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Apr 16 16:58:19 1996
To: herwin@mason2.gmu.edu (HARRY R. ERWIN)
Cc: kerberos@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 16 Apr 1996 16:26:43 -0400
In-Reply-To: herwin@mason2.gmu.edu's message of 16 Apr 1996 16:42:04 GMT
>>>>> "HARRY" == HARRY R ERWIN <herwin@mason2.gmu.edu> writes:
HARRY> Are there any dial-in servers that are compatible with a
HARRY> Kerberos V environment?
Your question is ambiguous. There are terminal servers that
speak the Kerberos protocol, using it as a centralized password
database.

However, this is not compatible with the Kerberos philosophy.
The intent of Kerberos is to avoid passwords ever going over insecure
channels like phone lines or networks. Clearly, then, Kerberos is not
something for terminal servers to implement; instead, they should
allow the clients to pass Kerberos packets to a secure Kerberos
server.

So, the answer is somewhat complicated. If you are looking at
terminal servers that can work in a Kerberos environment, the answer
is that yes, several exist. If you look to find terminal servers that
meet the Kerberos security model, I am not aware of any.
--Sam