Re: encrypting telnet
Rick Watson <rick@akbar.cc.utexas.edu> Mon, 03 April 1995 21:27 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa01520; 3 Apr 95 17:27 EDT
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa01516; 3 Apr 95 17:27 EDT
Received: from timbuk.cray.com by CNRI.Reston.VA.US id aa15054; 3 Apr 95 17:27 EDT
Received: from sdiv.cray.com (ironwood.cray.com [128.162.21.36]) by timbuk.cray.com (8.6.9/CRI-fence-1.4) with SMTP id QAA01196; Mon, 3 Apr 1995 16:17:57 -0500
Received: by sdiv.cray.com (5.0/CRI-5.15.b.orgabbr Sdiv) id AA28829; Mon, 3 Apr 1995 16:17:51 -0500
Received: from timbuk.cray.com by sdiv.cray.com (5.0/CRI-5.15.b.orgabbr Sdiv) id AA28779; Mon, 3 Apr 1995 16:17:44 -0500
Received: from akbar.cc.utexas.edu (akbar.cc.utexas.edu [128.83.186.24]) by timbuk.cray.com (8.6.9/CRI-fence-1.4) with SMTP id QAA01141 for <telnet-ietf@cray.com>; Mon, 3 Apr 1995 16:17:40 -0500
Received: by akbar.cc.utexas.edu (5.57/Ultrix3.0-C) id AA21018; Mon, 3 Apr 95 16:17:14 -0500
Date: Mon, 03 Apr 1995 16:17:14 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Rick Watson <rick@akbar.cc.utexas.edu>
Message-Id: <9504032117.AA21018@akbar.cc.utexas.edu>
To: hedrick@heidelberg.rutgers.edu, telnet-ietf@cray.com
Subject: Re: encrypting telnet
Cc: JEFF@mitvma.mit.edu, gnu@cygnus.com
Content-Length: 3583
Chuck, Since I've also worked on encrypted access to administrative systems, I'll summarize what I know. You should also take a look at: http://ccmc17.cc.ncsu.edu/sma/sma.html for other Mac Kerberos implementations. The University of Texas developed auth/encrypt Macintosh client software for NCSA/Telnet and Brown University's tn3270. Kerberos V4 and Diffie-Hellman are supported. The "old" separate auth/encrypt options (37 and 38) were used. We developed the method for using Diffie-Hellman to generate secret keys to encrypt the login information and/or the session. It is similar to, but not the same as Texas A&M's SRA. The Mac client auth/encrypt code is in separate "plugin" modules so that other auth/encrypt methods can be added without changing the base Telnet or Tn3270 code. John Gilmore at Cygnus Support, gnu@cygnus.com, is working on a K5 plugin. The plugin support is in NCSA/Telnet release 2.6.1 and beyond. I don't know if Peter has ever released this in tn3270. I'm working on the public release of the plugin code. We (UT) worked with Open Connect to support K4 and Diffie-Hellman auth/encrypt in their server that runs under various Unix systems which front end an IBM 3174. This (commercial) software should be available shortly in their next release. We've also worked with OC on their DynaCom Window's client. Diffie-Hellman is supported; I'm not sure about Kerberos. I think Jeff Harrington, jeff@mitvma.mit.edu, has worked on another IBM tn3270 server implementation. On the TODO list: - Work with TAMU/SRA to make Diffie-Hellman methods compatible and work with IETF to propose a draft. - Find out status of IETF "new" auth-encrypt option. - Find out status of IETF TN3270 encryption options. Rick Watson The University of Texas Computation Center, Networking Services, 512/475-9220 r.watson@utexas.edu > From owner-telnet-ietf@mojo.ots.utexas.edu Mon Apr 3 15:46:31 1995 > Received: by mojo.ots.utexas.edu id AA11987 > (5.65+/IDA-1.3.5); Mon, 3 Apr 95 15:33:29 -0500 > Received: from timbuk.cray.com by mojo.ots.utexas.edu with SMTP id AA11979 > (5.65+/IDA-1.3.5 for /usr/lib/sendmail -odq -oi -fowner-telnet-ietf telnet-ietf-list); Mon, 3 Apr 95 15:33:27 -0500 > Received: from sdiv.cray.com (ironwood.cray.com [128.162.21.36]) by timbuk.cray.com (8.6.9/CRI-fence-1.4) with SMTP id PAA21998; Mon, 3 Apr 1995 15:32:23 -0500 > Received: by sdiv.cray.com (5.0/CRI-5.15.b.orgabbr Sdiv) > id AA17922; Mon, 3 Apr 1995 15:27:12 -0500 > Received: from timbuk.cray.com by sdiv.cray.com (5.0/CRI-5.15.b.orgabbr Sdiv) > id AA17915; Mon, 3 Apr 1995 15:27:10 -0500 > Received: from heidelberg.rutgers.edu (heidelberg.rutgers.edu [128.6.26.25]) by timbuk.cray.com (8.6.9/CRI-fence-1.4) with ESMTP id PAA21079 for <telnet-ietf@cray.com>; Mon, 3 Apr 1995 15:27:01 -0500 > Received: (from hedrick@localhost) by heidelberg.rutgers.edu (8.6.10+bestmx+oldruq+newsunq/8.6.10) id QAA14597 for telnet-ietf@cray.com; Mon, 3 Apr 1995 16:27:04 -0400 > Date: Mon, 3 Apr 1995 16:27:04 -0400 > From: Chuck Hedrick <hedrick@heidelberg.rutgers.edu> > Message-Id: <199504032027.QAA14597@heidelberg.rutgers.edu> > To: telnet-ietf@cray.com > Subject: encrypting telnet > Content-Length: 330 > Status: R > > Is there any summary of available telnet implementations that > encrypt? We're looking at encrypting connections to our > administrative systems. For this we'd need at least clients > under Microsoft Windows and Unix, and the host side under Unix, > but it would be preferable to have a host end also under IBM MVS, > and tn3270 support. > >
- Re: encrypting telnet Rick Watson
- encrypting telnet Chuck Hedrick
- Re: encrypting telnet John Gilmore