Sender: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
References: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED] (Niels M�ller)
Date: 14 Mar 2000 10:27:14 +0100
Lines: 14
X-Mailer: Gnus v5.7/Emacs 20.5
Phillip Rulon <[EMAIL PROTECTED]> writes:
> IMO, the standard ought to be Kerberos (|Heimdal). [ls]sh just encrypts,
> it doesn't do the authentication the way Kerberos does. I'm not wild
> about having 47 different ways to get into these machines. I don't want
> to sound like a BOFH but it is easier to manage 1 or 2 methods than
> many.
Currently, LSH only does password and publickey authentication (and
you can disable one of them with an option to lshd). Kerberos and SRP
for user authentication is on the TODO list.
I look forward to using them together.
As a user, I kindof like flexibility.
Fair enough. As a sysadmin, I kindof like simplicity, as a user I kindof
like Kerberos. Like I said, I don't want to be a BOFH, but I don't want
to look like a damned fool the next time the vandals get in and mess things
up. Let's again agree to use lsh with and beside Kerberos.
lsh is GPL software, sure it's still beta and there is a risk in using
it, but it's clear that GNU should be an early adopter. How else can we
expect others to use it if we are not activly testing it? I don't look
forward to a hole in lsh, but, if there is one, I strongly hope it is
we who discover it.
pjr
