From owner-freebsd-questions  Tue Jan 19 16:59:42 1999
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA04189
          for freebsd-questions-outgoing; Tue, 19 Jan 1999 16:59:42 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from jason03.u.washington.edu (jason03.u.washington.edu [140.142.77.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA04182
          for <freebsd-questions@FreeBSD.ORG>; Tue, 19 Jan 1999 16:59:40 -0800 (PST)
          (envelope-from jcwells@u.washington.edu)
Received: from saul9.u.washington.edu (root@saul9.u.washington.edu [140.142.82.7])
	by jason03.u.washington.edu (8.9.1+UW98.09/8.9.1+UW98.09) with ESMTP id QAA21310;
	Tue, 19 Jan 1999 16:59:33 -0800
Received: from S8-37-26.student.washington.edu (S8-37-26.student.washington.edu [128.208.37.26])
	by saul9.u.washington.edu (8.9.1+UW98.09/8.9.1+UW98.09) with ESMTP id QAA02601;
	Tue, 19 Jan 1999 16:59:32 -0800 (PST)
Date: Tue, 19 Jan 1999 16:58:59 -0800 (PST)
From: "Jason C. Wells" <jcwells@u.washington.edu>
X-Sender: jason@s8-37-26.student.washington.edu
Reply-To: "Jason C. Wells" <jcwells@u.washington.edu>
To: John Saunders <john.saunders@nlc.net.au>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Kerberos info
In-Reply-To: <Pine.LNX.3.95.990120102040.12072A-100000@nhj.nlc.net.au>
Message-ID: <Pine.BSF.4.05.9901191655280.2274-100000@s8-37-26.student.washington.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 20 Jan 1999, John Saunders wrote:

>I'm after some very basic kerberos info. I'm not after install
>instructions (yet). I am after some info like "what is kerberos" and "what
>does it give me that is worth the effort to configure it". 

Kerberos is an authentication system. It is worth configure because it
keeps your password encrypted during transmission.

>I hear it's an authentication system, what is wrong with /etc/passwd?

Password authentication done the normal way requires your password to be
sent "cleartext" to the authenticating host. Anyone listening can grab
your password.

>Why not use NIS (yellow pages)?

I don't know why but I have this blue O'Reilly book that says NIS is a
serious security problem for networks that are connected to public
networks.

If you are interested in securing your system you should also investigate
'ssh'.

Catchya Later,		|	Give me UNIX or give me a typewriter.
Jason Wells		|	http://www.freebsd.org/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message