[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Since Fedora is not aimed at enterpise/business ..



> So kerberized rlogin is fully encrypted? What encryption is used?

Yes.  Kerberized applications have full session-level encryption, similar to
TLS/SSL or SSH-TRANS (that is, if the application is Kerberized fully and/or
properly).

The cipher used depends on how you setup Kerberos and what you tell Kerberos to
use.  See:
http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1/doc/krb5-admin.html#Supported%20Encryption%20Types

> Not, can k-rlogin be encrypted, but does the fact that k-rlogin uses 
> kerberos for authentication guaranty that the session is encrypted?

Some kerberized applications use session-level encryption by default.  Some
don't.

> Could I write a version of k-rlogin that does not encrypt the connection?
> 
> Will you server, that normaly uses encrypted connections, allow a 
> non-encrypted connection?

There's usually a command line option to turn session encryption on or off, as
the case may be (-x in most cases, I think).  And the same kerberized daemons
accept encrypted and unencrypted connections.  For the default operation and
command line options of kerberized utilities in MIT's Kerberos distribution,
see:
http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1/doc/krb5-user.html#Kerberos%20V5%20Applications

> Can it be forced to not allow one?

I haven't a clue.  But, probably.

> The next most common is X11 forwarding.

So far as I know, there isn't yet a standalone, kerberized X11 forwarding
application.  So kerberized SSH is still very useful on kerberized networks if
for no other reason than that.

Okay, I'm done now,

Derek




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]