RE: ITP: pam-krb5

To: Steve Langasek <vorlon@netexpress.net>
Cc: debian-devel@lists.debian.org
Subject: RE: ITP: pam-krb5
From: "Sean 'Shaleh' Perry" <shaleh@valinux.com>
Date: Thu, 16 Nov 2000 15:05:54 -0800 (PST)
Message-id: <[🔎] XFMail.20001116150554.shaleh@valinux.com>
In-reply-to: <[🔎] Pine.LNX.4.10.10011161655400.17062-100000@tennyson.netexpress.net>

> 
> If you use pam-krb5 for authenticating (e.g.) telnet or ftp, you'll
> effectively negate the security advantages of using Kerberos, because you'll
> be passing a cleartext password across the network before authenticating
> against Kerberos.  For some people, plaintext passwords on a network are not
> really an issue; but if you're using Kerberos as a backend it definitely /is/
> an issue, because people may trust the security of the system "just because"
> you're using Kerberos.
> 

I used GNU machines for a while.  I had to get an auth ticket, then I used krb
telnet.  Was my password sent in cleartext when I received my ticket?

Reply to:

Follow-Ups:
- RE: ITP: pam-krb5
  - From: Steve Langasek <vorlon@netexpress.net>

References:
- RE: ITP: pam-krb5
  - From: Steve Langasek <vorlon@netexpress.net>

Prev by Date: Re: Anarchism package
Next by Date: RE: ITP: pam-krb5
Previous by thread: RE: ITP: pam-krb5
Next by thread: RE: ITP: pam-krb5
Index(es):
- Date
- Thread