[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Since Fedora is not aimed at enterpise/business ..

On Thu, 2003-10-02 at 15:25, Bill Anderson wrote:

> Kerberos and SSh are not the same, and do not provide the same things,
> thus they are not replacements for each other. Unless, of course, you
> want to split hairs over the meaning of "is". ;)

We seem to be going in circles here.

Let me put it another way:

A Kerberized environment provides 90% of the functionality of SSH. The
"most common use" of SSH is 100% covered by Kerberos. The reverse is not
true (SSH cannot replace 90% of Kerberos).

"most common use" == "secure replacement" for telnet, r*, and ftp

"secure replacement" == Encryption and Authentication (host and user)

In other words, a Kerberized environment provides all the commonly used
functionality of SSH on an intranet plus a whole whole lot more.

The kerberized telnet/r*/ftp apps are part of and included with
Kerberos. Nobody sets up Kerberos and then uses no Kerberized clients
and daemons.

I'm not saying ban SSH when Kerberos is in use, what I am saying is

* "I don't need Kerberos 'cause I've got SSH" argument is a non-starter
(I'm not saying you said this)
* The need for SSH in a Kerberos environment is greatly diminished (this
seems to be the current point of contention)
* You pleaded to be able to install a kerberos-less install. Please
quantify (guestimate is OK) what you except the gains to be. (going back
to your original statement)

Dax Kelson

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]