On Friday, October 13, 2006 05:05:37 PM -0400 Wesley Chow <[EMAIL PROTECTED]> wrote:
> > Is there a kerberized tcpserver or inetd program out there? What I'd > like to do is kerberize an rsync file transfer session without having to > go through ssh. It also seems like having such a program would be > useful to kerberize any services that are already written with inetd or > tcpserver in mind... Kerberos only provides authentication and a shared secret. To properly "kerberize" an application protocol, it has to protect its commands and data from tampering by actually _doing_ something with that secret. There are a number of tools out there, including ssh, remctl, and a variety of TLS-based tools, which provide applications with an integrity-protected, encrypted data channel and which can use Kerberos authentication. In most cases, these require running the application in a particular way, which is generally _not_ the same as what inetd does (accept a connection and pass the TCP socket to the application). -- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
