[14918] in Kerberos
Re: Is this a job for Kerberos?
daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Wed Aug 1 11:52:54 2001
From: jaltman@watsun.cc.columbia.edu (Jeffrey Altman)
Date: 1 Aug 2001 15:51:44 GMT
Message-ID: <9k98ig$o18$1@newsmaster.cc.columbia.edu>
To: kerberos@MIT.EDU
Does your client's telnet application support the TELNET AUTH option?
If so, does it support Kerberos 5?
If not, does it support the TELNET START_TLS option?
kinit does not establish a secure connection to the server. kinit
retrieves credentials which can be used by an application such as
telnet to authenticate the application to the server. If successful,
the session keys negotiated during the authentication can be used
to secure the connection.
A Cisco router may be able to act as a Kerberos client or a service.
It cannot be a KDC.
In article <000601c11a9b$e0d20d80$8b6410ac@flightline>,
Ken Faber <kfaber@flightline.com> wrote:
: We currently have a telnet application that connects to a telnet host
: running on our private network.
:
: We have a need to access this telnet host via the open internet. We want to
: do this securely.
: And we want to be able to use our existing telnet software to do this - if
: this is possible. This means that once the secure connection is established,
: we want the use of this secure connection to be transparent to our client's
: telnet application.
:
: So after implementation your proposed solution - a user logged onto the open
: internet would:
:
: 1.) Using the right software such as kinit, the user would be able to
: establish a secure connection to our server.
:
: 2.) Then using any plain-jane telnet program, telnet to our host IP address.
:
: Anyone not successfully completing Step 1, would be unable to perform step
: 2.
:
: Can kerberos can accomplish this?
:
: Thanks
: -Ken Faber
:
: P.S. Does anyone know if a CISCO router can act as a KDC host?
:
Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 Beta available
The Kermit Project @ Columbia University includes Secure Telnet and FTP
http://www.kermit-project.org/ using Kerberos, SRP, and
kermit-support@kermit-project.org OpenSSL. SSH soon to follow.
