Now, I posed the problem without really knowing the complete details of the circumstances
because 'kerberos' is meant to be the strongest security protection against this sort of
attacks. I gather that 'ssh' which I noticed is the cryptographic security procedure used
at these Debian sites has not prevented the attacks. I note here some differences between
ssh and kerberos:
1. SSH needs local identity files whilst kerberos does not (Attacker has less info to
paly with)
2. SSH does not impose time restrictions on a session whilst kerberos does (Prevents
replay attacks)
3. In SSH the client decides what tools and application to run on the server
whilst in kerberos, the server may restrict the clients from running certain tools and
applications (Ease and simplicity of management as to who and what to allow or
disallow)
This is my understanding of SSH and Kerberos so correct me if I'm wrong.
SSH is a remote shell Kerberos is an authentication system
http://www.ssh.com/support/documentation/online/ssh/adminguide/32/ Kerberos_Authentication.html
They can be used together but kerberos on it's own provides no way to remotely (or locally) access the machine.
--
Tony Green <[EMAIL PROTECTED]>
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
