From owner-freebsd-newbies Sat Jul 28 6:52:18 2001
Delivered-To: freebsd-newbies@freebsd.org
Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40])
    by hub.freebsd.org (Postfix) with ESMTP id 439F537B401
    for ; Sat, 28 Jul 2001 06:52:14 -0700 (PDT)
    (envelope-from mimerki@saintmail.net)
Received: from saintmail.net (nidoqueen-07.dynamic.rpi.edu [128.113.138.96])
    by mail.rpi.edu (8.11.3/8.11.3) with ESMTP id f6SDqCW47946;
    Sat, 28 Jul 2001 09:52:12 -0400
Message-ID: <3B62C3CF.2FA4AABC@saintmail.net>
Date: Sat, 28 Jul 2001 09:53:19 -0400
From: Marcia Barrett Nice
X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.2-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: leegold
Cc: freebsd-newbies@FreeBSD.ORG
Subject: Re: newsgroup way over my head
References: <000d01c11715$4fd20300$0a87accf@shavedham>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-newbies@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I think your question may be a bit much for -newbies, but I'm going to
try giving you some links and hope they answer your questions.

From SecurityPortal.com:
http://securityportal.com/lskb/10000100/kben10000105.html

Kerberos is a modern network authentication system based on the idea of
handing a user a ticket once they have authenticated to the Kerberos
server (similar to NT's use of tokens). Kerberos is available from:
http://web.mit.edu/kerberos/www/. The Kerberos FAQ is available at:
http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html. Kerberos is
appropriate for large installations as it scales better and is more
secure than NIS / NIS+. Kerberizing programs such as telnet, imap and
pop can be achieved with some effort; Windows clients with Kerberos
support are harder to find, however. Support for Kerberos is built into
Windows 2000; however, MS has added a proprietary extension which can
cause problems.

(Please note the URLs hidden in the text).

From FreeBSDDiary.org:
http://www.freebsddiary.org/ssh.php

A telnet session uses clear text in all transmissions. That means that
anyone snooping on the packets as they go between you and the machine
can see what you are typing. That is unlikely and improbable, but it is
possible. But it is important to note that everything you type,
including passwords, is readable. On the other hand, ssh encrypts this
information and makes the information unreadable. I won't say it's
impossible to crack because someone will prove me wrong. But given
current technology, the stuff is secure enough for everyday use. And if
you combine ssh with other common security procedures, such as changing
your passwords regularly, things should be a great deal better than just
with plain old telnet.

(There are links to further resources at the bottom of the page if you
follow the initial URL)

Those are the first two reasonably understandable snippets I found, so I
hope they help.

Marci

leegold wrote:
>
> I asked in comp.unix.bsd.freebsd.misc the following and would appreciate
> if anyone could help me with understanding the answer, it's a constant
> fight learning unix.
> And, I don't think it has to be a "fight". Could anyone *help*.
>
> > newbie a bit overwhelmed by terminology:
> > what is the difference between ssh vs. Kerberos?
> > they're security and crypto protocols, right?
> > Thanks,
> > Lee G.
>
> Uh, apples and oranges. Kerberos is an authentication
> and access control mechanism. Traditionally based on
> shared symmetric keys between hosts, it employs the
> concept of a ticket granting service and encrypted
> credentials which are passed to hosts/processes to
> gain access. The most recent versions incorporate
> a lightweight PKI approach using certificate based
> identities.
>
> SSH is a set of secure remote access programs which
> provide an encrypted tunnel, no cleartext passwords,
> X11 and other service forwarding, etc.
> There is no
> ticket granting ticket or any concept of credentials,
> only trusted public keys.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-newbies" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message
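
Added example, not part of the original message and not code from any Kerberos implementation: a toy Python model of the ticket idea in the quoted reply, where a key server shares a symmetric key with each principal and hands out encrypted credentials. It folds the ticket granting service into a single KDC step and uses a toy SHA-256 cipher in place of real Kerberos encryption; all names (KDC_DB, kdc_issue, client_request, service_accept, the principals) are made up.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # Toy keystream: SHA-256 in counter mode (stand-in for a real cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    # Encrypt-then-MAC a JSON object under a shared symmetric key (toy: one key for both).
    nonce = os.urandom(16)
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    pt = bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))
    return json.loads(pt)

# Constructed long-term keys: the KDC shares one with each principal.
KDC_DB = {"lee": os.urandom(32), "host/shell": os.urandom(32)}

def kdc_issue(user, service, lifetime=300, now=None):
    # KDC: mint a session key; one copy sealed for the user, one inside the ticket.
    now = time.time() if now is None else now
    skey = os.urandom(32).hex()
    ticket = seal(KDC_DB[service], {"user": user, "skey": skey, "exp": now + lifetime})
    return seal(KDC_DB[user], {"skey": skey}), ticket

def client_request(user_key, for_user, ticket, now=None):
    # Client: recover the session key, prove possession with a fresh authenticator.
    skey = bytes.fromhex(unseal(user_key, for_user)["skey"])
    return ticket, seal(skey, {"ts": time.time() if now is None else now})

def service_accept(service_key, ticket, authenticator, now=None, skew=120):
    # Service: trusts the KDC through the ticket; no password ever reaches it.
    now = time.time() if now is None else now
    t = unseal(service_key, ticket)
    ts = unseal(bytes.fromhex(t["skey"]), authenticator)["ts"]
    if now > t["exp"] or abs(now - ts) > skew:
        raise ValueError("expired ticket or stale authenticator")
    return t["user"]
```

An SSH server has no such third party: it checks the client against public keys it already trusts, which is the contrast the quoted reply draws.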