Since Fedora is not aimed at enterpise/business ..

Bill Anderson bill at noreboots.com
Tue Oct 7 12:46:43 UTC 2003


Last one.

On Tue, 2003-10-07 at 00:42, Derek P. Moore wrote:
> > Note, those are *apps* not kerberos supplying those.
> > Use a kerberized ssh and you have no need for
> telnet,
> > ssh, ftp, rlogin. rcp, et al..
> 
> Sorta true, but not really. 

No, it is true. A kerberized ssh will perform your beloved Kerberos
authentication, as well as provide login services, file transfer
capabilities, and more. Period. As such, using that setup there is no
need for those other apps in such an environment as described.

> > And on top of it you get all the other nice things
> > that SSH does. Mayeb it's me but I don't consider
> > being able to log into a remote machine, launch a
> > graphical app and have it display on my screen
> weird.
> > Even if that machine is through several other "hops"
> > of machines.
> 
> To pick a nit:  Can't you do this same thing with
> telnet?  At least as long as you set the DISPLAY
> environment variable correctly (or use --display [or
> -display]).

No you can't. To make it simple:

You sit behind a corporate firewall. There is no connectivity from the
outside world in to your environment, as they do not allow inbound
traffic. As such, no amount of DISPLAY exporting will cause the display
form a machine outside the firewall to your machine inside. With SSH,
the X connection is tunnelled through the ssh connection itself. By
exporting DISPLAY=foo.com:0 you must have a route from the remote
machine to yours. Another example is if the local Xserver doesn't allow
remote connections, such as when firewalled off by the local machine.


-- 
Bill Anderson
RHCE #807302597505773
bill at noreboots.com







More information about the fedora-devel-list mailing list