Re: Kerberos on .debian.org?
>>>>> "Steve" == Steve Langasek <email@example.com> writes:
Steve> On 8 Mar 2001, Turbo Fredriksson wrote:
>> I've been playing with the krb5-* packages and I'm _IMPRESSED_!
>> I never used kerberos before, but it's cool (and secure, let's
>> not forget that! :).
>> With the help of 'libpam-krb5' and the pam_krb5_migrate.so (can
>> be found at 'ftp://ftp.netexpress.net/pub/pam/') it would be
>> 'easy' to be able to use krsh/ktelnet etc to login securely to
>> any Debian machine.
Steve> Careful -- you should never use libpam-krb5 for
Steve> authenticating remote connections. It won't provide secure
Steve> communication with the remote user; the password will be
Steve> sent plaintext across the network, and then securely
Steve> verified against the KDC. If you want kerberos network
Steve> authentication, you'll need to set up krshd and ktelnetd.
libpam-krb5 makes a fine addition to ssh and is no less secure than
Also, note that in an environment where you use krb5 and allow
plaintext passwords, you may choose to use libpam-krb5 rather than say
storing your passwords in LDAP. Yes, it is insecure, but provides
better migration possibilities. Then again, I suspect you know all