From owner-freebsd-security  Fri Jun 22  2:31:51 2001
Delivered-To: freebsd-security@freebsd.org
Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201])
	by hub.freebsd.org (Postfix) with ESMTP id E926737B409
	for <freebsd-security@freebsd.org>; Fri, 22 Jun 2001 02:31:48 -0700 (PDT)
	(envelope-from sheldonh@starjuice.net)
Received: from sheldonh (helo=axl.seasidesoftware.co.za)
	by axl.seasidesoftware.co.za with local-esmtp (Exim 3.30 #1)
	id 15DNHw-0000bU-00; Fri, 22 Jun 2001 11:31:40 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: Stanley Hopcroft <Stanley.Hopcroft@IPAustralia.gov.au>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SSH and/or Kerberos experience 
In-reply-to: Your message of "Fri, 22 Jun 2001 10:00:35 +1000."
             <20010622100034.B788@IPAustralia.Gov.AU> 
Date: Fri, 22 Jun 2001 11:31:40 +0200
Message-ID: <2323.993202300@axl.seasidesoftware.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org



On Fri, 22 Jun 2001 10:00:35 +1000, Stanley Hopcroft wrote:

> The main difference I see between Kerberos and SSH is that Kerberos 
> provides a single point of control for the authentication process: 
> rights can be added or deleted in only one place.

Use both, in other words, Kerberized SSH.  Kerberos scores you
ticket-based authentication, while SSH scores you an encrypted session.

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message