Since Fedora is not aimed at enterprise/business ..

Derek P. Moore derek.moore at sbcglobal.net
Fri Oct 10 22:06:13 UTC 2003


> So kerberized rlogin is fully encrypted? What encryption is used?

Yes.  Kerberized applications have full session-level encryption, similar to
TLS/SSL or SSH-TRANS (that is, if the application is Kerberized fully and/or
properly).

The cipher used depends on how you set up Kerberos and what you tell Kerberos to
use.  See:
http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1/doc/krb5-admin.html#Supported%20Encryption%20Types

> Not, can k-rlogin be encrypted, but does the fact that k-rlogin uses 
> kerberos for authentication guarantee that the session is encrypted?

Some kerberized applications use session-level encryption by default.  Some
don't.

> Could I write a version of k-rlogin that does not encrypt the connection?
> 
> Will your server, that normally uses encrypted connections, allow a 
> non-encrypted connection?

There's usually a command line option to turn session encryption on or off, as
the case may be (-x in most cases, I think).  And the same kerberized daemons
accept encrypted and unencrypted connections.  For the default operation and
command line options of kerberized utilities in MIT's Kerberos distribution,
see:
http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1/doc/krb5-user.html#Kerberos%20V5%20Applications

> Can it be forced to not allow one?

I haven't a clue.  But, probably.

> The next most common is X11 forwarding.

So far as I know, there isn't yet a standalone, kerberized X11 forwarding
application.  So kerberized SSH is still very useful on kerberized networks if
for no other reason than that.

Okay, I'm done now,

Derek




