Date: 25 Mar 1999 11:07:04 +0100 From: joda@pdc.kth.se (Johan Danielsson) To: Matthew Dillon <dillon@apollo.backplane.com> Cc: Mike Thompson <miket@dnai.com>, Gary Gaskell <gaskell@isrc.qut.edu.au>, freebsd-security@FreeBSD.ORG Subject: Re: Kerberos vs SSH Message-ID: <xofr9qdsx12.fsf@blubb.pdc.kth.se> In-Reply-To: Matthew Dillon's message of "Thu, 25 Mar 1999 01:05:58 -0800 (PST)" References: <199903250426.UAA68023@apollo.backplane.com> <4.1.19990324234311.00a0eba0@mail.dnai.com> <199903250905.BAA95946@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Dillon <dillon@apollo.backplane.com> writes: > The one problem with this is that kerberos defaults to disabling > encryption ... you have to explicitly enable it. Don't day that `kerberos' defaults to disabling encryption. Kerberos is a protocol to authenticate users, and as such it always uses encryption. Kerberos *applications* can choose to use or not use encryption, but to say that all of them, and all implementation of them, doesn't by default is unfair. Most applications that doesn't encrypt has a good reason not to, like being originally written in an era where computers were slow enough to make encrypted telnet sessions painful. Which isn't an excuse for not doing encryption, but an explanation. /Johan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xofr9qdsx12.fsf>