[14944] in Kerberos
Re: Is this a job for Kerberos?
daemon@ATHENA.MIT.EDU (Booker C. Bense)
Fri Aug 3 12:57:42 2001
Date: Fri, 3 Aug 2001 09:56:16 -0700 (PDT)
From: "Booker C. Bense" <bbense@networking.stanford.edu>
To: Ken Faber <kfaber@flightline.com>
cc: <kerberos@mit.edu>
In-Reply-To: <000601c11a9b$e0d20d80$8b6410ac@flightline>
Message-ID: <Pine.GSO.4.33.0108030952360.21505-100000@shred.stanford.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 1 Aug 2001, Ken Faber wrote:
> We currently have a telnet application that connects to a telnet host
> running on our private network.
>
> We have a need to access this telnet host via the open internet. We want to
> do this securely.
> And we want to be able to use our existing telnet software to do this - if
> this is possible. This means that once the secure connection is established,
> we want the use of this secure connection to be transparent to our client's
> telnet application.
>
> So after implementation your proposed solution - a user logged onto the open
> internet would:
>
> 1.) Using the right software such as kinit, the user would be able to
> establish a secure connection to our server.
>
> 2.) Then using any plain-jane telnet program, telnet to our host IP address.
>
> Anyone not successfully completing Step 1, would be unable to perform step
> 2.
>
> Can kerberos can accomplish this?
>
- I'd say no. Your question is very fuzzily worded and shows that
you don't really understand what kerberos does.
- Overall, ssh would seem to be a much better fit for what you
want to do. Anything you do is going to require installing some
specialized software on the client.
- Booker C. Bense
