Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 Jan 1999 22:44:44 +1100
From:      jonathan michaels <jon@caamora.com.au>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Kerberos info
Message-ID:  <19990120224444.A6919@caamora.com.au>
In-Reply-To: <Pine.BSF.4.05.9901191655280.2274-100000@s8-37-26.student.washington.edu>; from Jason C. Wells on Tue, Jan 19, 1999 at 04:58:59PM -0800
References:  <Pine.LNX.3.95.990120102040.12072A-100000@nhj.nlc.net.au> <Pine.BSF.4.05.9901191655280.2274-100000@s8-37-26.student.washington.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 19, 1999 at 04:58:59PM -0800, Jason C. Wells wrote:
> On Wed, 20 Jan 1999, John Saunders wrote:
> 
> >I'm after some very basic kerberos info. I'm not after install
> >instructions (yet). I am after some info like "what is kerberos" and "what
> >does it give me that is worth the effort to configure it". 
> 
> Kerberos is an authentication system. It is worth configure because it
> keeps your password encrypted during transmission.

jason, i have a few machines at home in my now all freebsd network, i only 
have a personal link tot he internetworking community beyound my freebsd 
router. do you think it would be worth my while to run kerberos as well ?

i have a few people loging in to do work on thier own webpages, and the rest 
are just webpage browsers .. not to amny as the pages that are here are very 
raw and suffering from builder notknowing what to do next.

> >I hear it's an authentication system, what is wrong with /etc/passwd?
> 
> Password authentication done the normal way requires your password to be
> sent "cleartext" to the authenticating host. Anyone listening can grab
> your password.

wouldn't ssh solve a lot of those probelms .. or is ssh differnt to the way 
kerberos does teh passwd encoding ?

> 
> >Why not use NIS (yellow pages)?
> 
> I don't know why but I have this blue O'Reilly book that says NIS is a
> serious security problem for networks that are connected to public
> networks.

not knowing either, but surmising that nis (yp) was built at a time when the 
internetworking community was a knder place were people sorta knew each other 
and definately trusted each other .. unlike now were all sorts of jerks can 
get on and reap largscale havoc .. just for 'fun', thi si how i see it as 
happening .. yes ? 

> If you are interested in securing your system you should also investigate
> 'ssh'.

hwo could/would you integrate ssh and kerberos into a security concious 
frontend for ones freebsd system ?

regards and thank you

jonathan

-- 
===============================================================================
Jonathan Michaels
PO Box 144, Rosebery, NSW 1445 Australia
===========================================================<jon@caamora.com.au>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990120224444.A6919>