On Mon, 2004-11-08 at 21:55 +1100, O Plameras wrote:
> Matthew Palmer wrote:
> 
> >>The point here is having a connection (established through kerberised
> >>telnet), and once that connection is established, the messages exchanged
> >>between the two computers are encrypted.
> >
> >Not necessarily.  Only if both ends of the connection negotiated some sort
> >of stream encryption after the authentication has taken place.
> 
> This is certainly wrong. Once a connection is established in the Kerberos
> Realm, all communications and message exchanges are encrypted in accordance
> with the rules as specified in Kerberos.

Actually, you are wrong, according to my "Kerberos: The Definitive Guide"
book here.

The exact things that are encrypted, and how, depend on which Kerberos
implementation and version you are using, but regardless of that,
Kerberos itself only specifies the encryption for the AS handshake to
get a TGT, and the TGS handshake for getting a ticket for a specific
service.

Rob

-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
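
The distinction argued in this thread can be checked on a capture. The following is an added example, not part of the original messages: it scans the bytes one Telnet peer sent and reports whether an AUTHENTICATION exchange happened and whether the ENCRYPT option was actually started. The function names and the sample captures are constructed for illustration; the option codes are those of RFC 2941 and RFC 2946.

```python
IAC, SB, SE = 255, 250, 240
WILL, WONT, DO, DONT = 251, 252, 253, 254
AUTHENTICATION, ENCRYPT = 37, 38   # Telnet option codes (RFC 2941, RFC 2946)
ENCRYPT_START = 3                  # IAC SB ENCRYPT START <keyid> IAC SE

def read_subnegotiation(stream, i):
    """Return (body, next_index) for the suboption whose body begins at i."""
    body = bytearray()
    while i < len(stream) - 1:
        if stream[i] == IAC:
            if stream[i + 1] == SE:
                return bytes(body), i + 2
            body.append(stream[i + 1])   # IAC IAC is an escaped 0xFF data byte
            i += 2
        else:
            body.append(stream[i])
            i += 1
    return bytes(body), len(stream)      # capture was truncated

def inspect_direction(stream):
    """Scan what one peer sent; stop at ENCRYPT START, since ciphertext follows."""
    seen = {"auth_exchange": False, "encrypt_started": False, "cleartext": b""}
    data = bytearray()
    i = 0
    while i < len(stream):
        if stream[i] != IAC or i + 1 == len(stream):
            data.append(stream[i])       # ordinary user data, readable on the wire
            i += 1
        elif stream[i + 1] == IAC:
            data.append(IAC)
            i += 2
        elif stream[i + 1] in (WILL, WONT, DO, DONT):
            i += 3                       # option offer or refusal, not yet encryption
        elif stream[i + 1] == SB:
            body, i = read_subnegotiation(stream, i + 2)
            if body[:1] == bytes([AUTHENTICATION]):
                seen["auth_exchange"] = True
            elif body[:2] == bytes([ENCRYPT, ENCRYPT_START]):
                seen["encrypt_started"] = True
                break                    # everything after START is ciphertext
        else:
            i += 2
    seen["cleartext"] = bytes(data)
    return seen

# Constructed client-to-server captures; the suboption payload bytes are placeholders.
AUTH = bytes([IAC, WILL, AUTHENTICATION, IAC, SB, AUTHENTICATION, 0, 2, 0]) + b"TICKET" + bytes([IAC, SE])
AUTH_ONLY = AUTH + bytes([IAC, WONT, ENCRYPT]) + b"secret\r\n"
AUTH_AND_ENCRYPT = AUTH + bytes([IAC, WILL, ENCRYPT, IAC, SB, ENCRYPT, ENCRYPT_START, 0, IAC, SE]) + b"\x8f\x1c\xff\x02"
```

In the first capture the session is authenticated yet the typed data is still readable; only the second, where ENCRYPT START was sent, hides the stream in that direction.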