Date: Thu, 25 Mar 1999 14:10:59 +1000 (EST) From: Gary Gaskell <gaskell@isrc.qut.edu.au> To: Mike Thompson <miket@dnai.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Kerberos vs SSH Message-ID: <Pine.GSO.4.10.9903251409300.17330-100000@primrose.isrc.qut.edu.au> In-Reply-To: <4.1.19990324113601.0097aeb0@mail.dnai.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I was using rsh/rlogin with a kerberos server for something similar 5
years ago (kerberos v5) and it was all free, save the time of compilation
and configuration.
What's the problem? the rtools are part of the MIT distribution.
Gary
On Wed, 24 Mar 1999, Mike Thompson wrote:
> We are configuring a series of web servers running FreeBSD 2.2.8
> for a new Internet service. To implement our service we need
> to provide a mechanism for secure communication between the
> servers using an rsh-like facility.
>
> One method of doing this would be to run SSH on each server for
> encrypted/authenticated communication. However, the downsides
> of this are that there wouldn't be a central administration
> facility for managing authentication information (unless we
> create one), ssh has a relatively high CPU overhead to encrypt
> all communications and we would like to avoid paying the substantial
> license fees for SSH across a large number of servers.
>
> An alternative would be to run a rsh in combination with a
> Kerberos server to centrally administer authentication
> information between each server. Communication between the
> servers would take place behind a router to prevent
> interception of the unencoded packets. We would also use
> IPFW to restrict communication with rsh as further protection
> against hacking.
>
> Does anyone here have an opinion as to whether rsh and Kerberos
> can be used in this manner for efficient and secure communication
> between web servers running a distributed application?
>
> Ideally, we want to keep the cost per server as low as possible
> with regards to licensing fees, but we also don't want to compromise
> on security.
>
> Thanks,
>
> Mike Thompson
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
Cheers,
Gary
-----------------------------------------------------------
Gary Gaskell
Manager Secure Network Laboratory Phone (07) 3864 1190
Information Security Research Centre Fax (07) 3221 2384
Queensland University of Technology
-----------------------------------------------------------
_--_|\
/ QUT A University for http://www.qut.edu.au/
_.--._/ the Real World.
v
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.10.9903251409300.17330-100000>