Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 28 Jul 2001 09:53:19 -0400
From:      Marcia Barrett Nice <mimerki@saintmail.net>
To:        leegold <goldtech@worldpost.com>
Cc:        freebsd-newbies@FreeBSD.ORG
Subject:   Re: newsgroup way over my head
Message-ID:  <3B62C3CF.2FA4AABC@saintmail.net>
References:  <000d01c11715$4fd20300$0a87accf@shavedham>

next in thread | previous in thread | raw e-mail | index | archive | help
I think your question may be a bit much for -newbies, but I'm going to
try giving you some links and hope they answer your questions.  

From SecurityPortal.com:
http://securityportal.com/lskb/10000100/kben10000105.html

Kerberos is a modern network authentication system based on the idea of
handing a user a ticket once they have authenticated to the Kerberos
server (similar to NT's use of tokens). Kerberos is
available from: http://web.mit.edu/kerberos/www/. The Kerberos FAQ is
available at: http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html.
Kerberos is appropriate for large installations as
it scales better and is more secure then NIS / NIS+. Kerberizing
programs such as telnet, imap and pop can be achieved with some effort,
Windows clients with Kerberos support are harder to
find however. Support for Kerberos is built into Windows 2000, however
MS has added a proprietary extension which can cause problems.

(Please note the URLs hidden in the text).

From FreeBSDDiary.org:
http://www.freebsddiary.org/ssh.php


A telnet session uses clear text in all transmissions.  That means that
anyone snooping on the packets as they go between you and the machine
can see what you are typing.  That is unlikely
 and improbable, but it is possible.  But it is important to note that
everything you type, including passwords is readable.

 On the other hand, ssh encrypts this information and makes the
information unreadable.   I won't say it's impossible to crack because
someone will prove me wrong.  But given current
 technology, the stuff is secure enough for everyday use.  And if you
combine ssh with other common security procedures, such as changing your
passwords regularly, things should be a great
 deal better than just with plain old telnet.

(There are links to further resources at the bottom of the page if you
follow the initial URL)

Those are the first two reasonably understandable snippets I found, so I
hope they help.  

Marci

leegold wrote:
> 
> I asked in comp.unix.bsd.freebsd.misc the follow and would appreciate
> if anyone could help me with understanding the answer,  it's a constant fight learning unix.
> And, I don't think it has to be a "fight". Could anyone *help*.
> 
> > newbie a bit overwhelmed by terminology:
> > what is the difference between ssh vs. Kerberos?
> > they're security and crypto protocols, right?
> > Thanks,
> > Lee G.
> 
> Uh, apples and oranges. Kerberos is an authentication
> and access control mechanism.  Traditionally based on
> shared symmetric keys between hosts, it employs the
> concept of a ticket granting service and encrypted
> credentials which are passed to hosts/processes to
> gain access.  The most recent versions incorporate
> a lightweight PKI approach using certificate based
> identities.
> 
> SSH is a set of secure remote access programs which
> provide an encrypted tunnel, no cleartext passwords,
> X11 and other service forwarding,etc.  There is no
> ticket granting ticket or any concept of credentials,
> only trusted public keys.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-newbies" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B62C3CF.2FA4AABC>