From owner-freebsd-questions Wed Jan 20 03:42:30 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id DAA18128 for freebsd-questions-outgoing; Wed, 20 Jan 1999 03:42:30 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from gw.caamora.com.au (jonath5.lnk.telstra.net [139.130.41.237]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA18117 for ; Wed, 20 Jan 1999 03:42:25 -0800 (PST) (envelope-from jon@gw.caamora.com.au) Received: (from jon@localhost) by gw.caamora.com.au (8.8.8/8.8.8) id WAA06943; Wed, 20 Jan 1999 22:44:45 +1100 (EST) (envelope-from jon) Message-ID: <19990120224444.A6919@caamora.com.au> Date: Wed, 20 Jan 1999 22:44:44 +1100 From: jonathan michaels To: freebsd-questions@FreeBSD.ORG Subject: Re: Kerberos info Mail-Followup-To: freebsd-questions@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.91.1i In-Reply-To: ; from Jason C. Wells on Tue, Jan 19, 1999 at 04:58:59PM -0800 X-Operating-System: FreeBSD gw.caamora.com.au 2.2.7-RELEASE i386 X-Mood: i'm alive, if it counts Organisation: Caamora, PO Box 144, Rosebery NSW 1445 Australia Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, Jan 19, 1999 at 04:58:59PM -0800, Jason C. Wells wrote: > On Wed, 20 Jan 1999, John Saunders wrote: > > >I'm after some very basic kerberos info. I'm not after install > >instructions (yet). I am after some info like "what is kerberos" and "what > >does it give me that is worth the effort to configure it". > > Kerberos is an authentication system. It is worth configure because it > keeps your password encrypted during transmission. jason, i have a few machines at home in my now all freebsd network, i only have a personal link tot he internetworking community beyound my freebsd router. do you think it would be worth my while to run kerberos as well ? i have a few people loging in to do work on thier own webpages, and the rest are just webpage browsers .. not to amny as the pages that are here are very raw and suffering from builder notknowing what to do next. > >I hear it's an authentication system, what is wrong with /etc/passwd? > > Password authentication done the normal way requires your password to be > sent "cleartext" to the authenticating host. Anyone listening can grab > your password. wouldn't ssh solve a lot of those probelms .. or is ssh differnt to the way kerberos does teh passwd encoding ? > > >Why not use NIS (yellow pages)? > > I don't know why but I have this blue O'Reilly book that says NIS is a > serious security problem for networks that are connected to public > networks. not knowing either, but surmising that nis (yp) was built at a time when the internetworking community was a knder place were people sorta knew each other and definately trusted each other .. unlike now were all sorts of jerks can get on and reap largscale havoc .. just for 'fun', thi si how i see it as happening .. yes ? > If you are interested in securing your system you should also investigate > 'ssh'. hwo could/would you integrate ssh and kerberos into a security concious frontend for ones freebsd system ? regards and thank you jonathan -- =============================================================================== Jonathan Michaels PO Box 144, Rosebery, NSW 1445 Australia =========================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message