On Mon, 2004-11-08 at 15:50 +1100, O Plameras wrote:
> Tony Green wrote:
> 
> >
> > They can be used together but kerberos on its own provides no way to
> > remotely (or locally) access the machine.
> 
> Kerberos can because it comes with kerberized telnet, rsh, rlogin, rcp, etc.
> that lets us connect to another machine in the realm.
> 
> Of course I can ssh to machines that are members of a kerberos realm. But why
> should I need ssh when I have kerberos? The reason I'm running kerberos
> is it is a stronger cryptographic security tool than SSH.

ssh is not a 'cryptographic security tool'. Neither is kerberos. Well
maybe they are, if that was defined anywhere. (Well, epanorama claim it
is, but they appear to be the only site on the internet doing so).

kerberos does not provide remote access, only AAA.

kerberised telnet is still plaintext, so anything such as sudo being run
via it will allow password sniffing, which in combination with a session
hijack provides a gaping hole into the system that ssh doesn't.

kerberised ssh is encrypted end to end, preventing password sniffing on the
net, and hugely reducing the ability for session hijacks to occur. You
can use ssh with kerberos to have non-local password details, and
encrypted remote access.

ssh and kerberos are complementary programs, with almost no overlap.

Rob


-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.
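
The setup the message above describes (ssh for the remote session, Kerberos for authentication, no telnet/rsh listeners), checked in code as an added example that is not part of the original post. It assumes OpenSSH's `GSSAPIAuthentication` and `KerberosAuthentication` keywords in sshd_config and the classic inetd.conf line layout; the sample config text and the function names are constructed for illustration.

```python
# Added example: constructed config text, not taken from any real host.
SAMPLE_SSHD = """\
# sshd_config (constructed sample)
PasswordAuthentication no
GSSAPIAuthentication yes
#KerberosAuthentication yes
GSSAPIAuthentication no
"""
SAMPLE_INETD = """\
# inetd.conf (constructed sample)
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
#shell stream tcp nowait root /usr/sbin/tcpd in.rshd
"""
# inetd service names for telnet, rsh, rlogin and rexec
LEGACY_SERVICES = {"telnet", "shell", "login", "exec"}
# OpenSSH defaults for the keywords checked here
SSHD_DEFAULTS = {"gssapiauthentication": "no", "kerberosauthentication": "no"}

def sshd_effective(text):
    """Global settings; keywords are case-insensitive, first value wins."""
    settings, seen = dict(SSHD_DEFAULTS), set()
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":  # per-user/host overrides start here; stop
            break
        if key not in seen and len(parts) > 1:
            seen.add(key)
            settings[key] = parts[1].lower()
    return settings

def inetd_services(text):
    """Enabled (uncommented) inetd.conf entries for the legacy services."""
    fields = (line.split() for line in text.splitlines())
    return [f[0] for f in fields if f and f[0] in LEGACY_SERVICES]

def audit(sshd_text, inetd_text):
    s, findings = sshd_effective(sshd_text), []
    if "yes" not in (s["gssapiauthentication"], s["kerberosauthentication"]):
        findings.append("sshd: no Kerberos authentication enabled")
    findings += [f"inetd: {svc} enabled" for svc in inetd_services(inetd_text)]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_SSHD, SAMPLE_INETD))
```

In the sample, the second `GSSAPIAuthentication no` has no effect because sshd keeps the first value it reads for a keyword, so the only finding is the enabled telnet listener.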


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html