Re: Mail List
Theodore Ts'o <tytso@athena.mit.edu> Wed, 16 February 1994 21:06 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa11644; 16 Feb 94 16:06 EST
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa11640; 16 Feb 94 16:06 EST
Received: from timbuk.cray.com by CNRI.Reston.VA.US id aa19672; 16 Feb 94 16:06 EST
Received: from hemlock.cray.com by cray.com (Bob mailer 1.2) id AA12008; Wed, 16 Feb 94 15:06:03 CST
Received: by hemlock.cray.com id AA17189; 4.1/CRI-5.6; Wed, 16 Feb 94 15:05:57 CST
Received: from cray.com (timbuk.cray.com) by hemlock.cray.com id AA17185; 4.1/CRI-5.6; Wed, 16 Feb 94 15:05:52 CST
Received: from tsx-11.MIT.EDU by cray.com (Bob mailer 1.2) id AA11992; Wed, 16 Feb 94 15:05:50 CST
Received: by tsx-11.MIT.EDU with sendmail-5.61/1.2, id AA24833; Wed, 16 Feb 94 16:05:29 EST
Date: Wed, 16 Feb 1994 16:05:29 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Theodore Ts'o <tytso@athena.mit.edu>
Message-Id: <9402162105.AA24833@tsx-11.MIT.EDU>
To: aldo@elxsi.ernet.in
MMDF-Warning: Parse error in original version of preceding line at CNRI.Reston.VA.US
Cc: telnet-ietf@cray.com
In-Reply-To: aldo@elxsi.ernet.in's message of Wed, 9 Feb 1994 11:04:10 -0800 (PST), <9402091904.AA11526@elxsi.ernet.in>
Subject: Re: Mail List
Address: 1 Amherst St., Cambridge, MA 02139
Phone: (617) 253-8091
From: <aldo@elxsi.ernet.in> Date: Wed, 9 Feb 1994 11:04:10 -0800 (PST) I also have some queries on version 5 of Kerberos and its implementation in Telnet. Is there some standardization on encrypting the Password in the seesion key. The Telnet that I have presently sends the Password in cleartext. The only way to encrypt it is to go into the command mode and enter the 'enable encrypt DES_CFB64' command. Would also like to know how Telnet should operate when either authentication or encryption is not supported. Is the user informed of this somehow so that he/she can have the choice of either logging in or not. If you are using a telnet and telnetd which support Kerberos authentication, then you never have to type a password; the Kerberos authentication system allows you to authenticate to the server without needing to send your password over the network at all. There is currently work being done on a combined authentication and encryption standard (using the Kerberos authentication to supply the session key to be used for the encryption), but this work is still in progress. Note that this wouldn't be used for encrypting the password, but rather for protecting the data stream after you have logged into the remote host. - Ted
- Mail List aldo
- Re: Mail List Theodore Ts'o