Since Fedora is not aimed at enterprise/business ..

Bill Anderson bill at noreboots.com
Tue Oct 7 12:38:27 UTC 2003


On Tue, 2003-10-07 at 00:06, Derek P. Moore wrote:
> > Kerberos does not do X11-forwarding, for example.
> 
> True that.
> 
> > Nor does Kerberos provide remote file copying (such
> > as sftp and scp).
> 
> Kerberos provides those features with Kerberized ftp,
> rcp, etc.

*sigh* another person who can't seem to distinguish between an
authentication mechanism and apps compiled with support for it. Why even
your words above should tell you that: "kerberized ftp,rcp" the ftp or
rcp, telnet apps are providing those services, kerberos is providing the
authentication.

> 
> > I'd argue that SSH would be a massive need in that
> > environment.
> 
> Not really true.  With Kerberos: telnet, ftp, rsh,
> rcp, etc., etc., automagically become secure.  Not
> only in terms of authentication, but also in terms of
> strong encryption of sessions.


Read the post again, with open eyes this time and see that the
environment described uses a kerberized ssh to do all of those
functions, and that therefore qualifies as a "kerberized environment"
that relies heavily on SSH. You are blindly associating apps compiled
with kerberos *support* with the Kerberos itself.

"Kerberos is a network authentication protocol. It is designed to
provide strong authentication for client/server applications by using
secret-key cryptography." MIT

One is a protocol, the other is not. Think of SSL and you may start to
get the picture. SSL doesn't serve web pages, or serve email. It
provides an encryption layer. I can use SSL on Apache, Zope, or dozens
of other servers. Yet you don't claim SSL provides http service.
Kerberos, like SSL, is a supporting library/protocol for something else;
it does *nothing* on its own. SSH is its own app/server. Apples and
Oranges.


> > My point was that K and SSH are *not* replacements
> > for each other. It still stands. They are different
> > things with different purposes.
> 
> Actually, K is really /more/ than just a replacement
> for SSH.

No, K requires additional apps to achieve some of the functionality of
SSH. Period. That's not saying one is better than the other, merely that
they are fundamentally different and as such are not replacements for
each other. If you can't tell the difference between an app w/support
for the Foo Protocol and the Foo Protocol, then we have nothing further
to discuss.

-- 
Bill Anderson
RHCE #807302597505773
bill at noreboots.com






