RE: ITP: pam-krb5
>
> If you use pam-krb5 for authenticating (e.g.) telnet or ftp, you'll
> effectively negate the security advantages of using Kerberos, because you'll
> be passing a cleartext password across the network before authenticating
> against Kerberos. For some people, plaintext passwords on a network are not
> really an issue; but if you're using Kerberos as a backend it definitely /is/
> an issue, because people may trust the security of the system "just because"
> you're using Kerberos.
>
I used GNU machines for a while. I had to get an auth ticket, then I used krb
telnet. Was my password sent in cleartext when I received my ticket?
Reply to: