Since Fedora is not aimed at enterpise/business ..
Derek P. Moore
derek.moore at sbcglobal.net
Tue Oct 7 06:06:28 UTC 2003
> Kerberos does not do X11-forwarding, for example.
True that.
> Nor does Kerberos provide remote file copying (such
> as sftp and scp).
Kerberos provides those features with Kerberized ftp,
rcp, etc.
> The main feature of SSH is that I can establish a
> secure connection from point a to point b, more than
> just secure authorization but having the entire
> session encrypted. Kerberos does not do that.
Yes, it does.
> It was not designed to.
Yes, it was.
> As I've said, Kerberos can be used to provide the
> authentication mechanism for SSH.
True.
> This should be a hint that they are not replacements
> for each other.
Not true.
> Indeed, one could have an SSH kerberized intranet
> that uses SSH as the remote login facility!
Not true.
> I'd argue that SSH would be a massive need in that
> environment.
Not really true. With Kerberos: telnet, ftp, rsh,
rcp, etc., etc., automagically become secure. Not
only in terms of authentication, but also in terms of
strong encryption of sessions.
> To compare them is to compare apples to buffets.
Not true.
> My point was that K and SSH are *not* replacements
> for each other. It still stands. They are different
> things with different purposes.
Actually, K is really /more/ than just a replacement
for SSH.
Peace out,
Derek
More information about the fedora-devel-list
mailing list