Re: Mail List

Theodore Ts'o <tytso@athena.mit.edu> Wed, 16 February 1994 21:06 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa11644; 16 Feb 94 16:06 EST
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa11640; 16 Feb 94 16:06 EST
Received: from timbuk.cray.com by CNRI.Reston.VA.US id aa19672; 16 Feb 94 16:06 EST
Received: from hemlock.cray.com by cray.com (Bob mailer 1.2) id AA12008; Wed, 16 Feb 94 15:06:03 CST
Received: by hemlock.cray.com id AA17189; 4.1/CRI-5.6; Wed, 16 Feb 94 15:05:57 CST
Received: from cray.com (timbuk.cray.com) by hemlock.cray.com id AA17185; 4.1/CRI-5.6; Wed, 16 Feb 94 15:05:52 CST
Received: from tsx-11.MIT.EDU by cray.com (Bob mailer 1.2) id AA11992; Wed, 16 Feb 94 15:05:50 CST
Received: by tsx-11.MIT.EDU with sendmail-5.61/1.2, id AA24833; Wed, 16 Feb 94 16:05:29 EST
Date: Wed, 16 Feb 1994 16:05:29 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Theodore Ts'o <tytso@athena.mit.edu>
Message-Id: <9402162105.AA24833@tsx-11.MIT.EDU>
To: aldo@elxsi.ernet.in
MMDF-Warning: Parse error in original version of preceding line at CNRI.Reston.VA.US
Cc: telnet-ietf@cray.com
In-Reply-To: aldo@elxsi.ernet.in's message of Wed, 9 Feb 1994 11:04:10 -0800 (PST), <9402091904.AA11526@elxsi.ernet.in>
Subject: Re: Mail List
Address: 1 Amherst St., Cambridge, MA 02139
Phone: (617) 253-8091

   From: <aldo@elxsi.ernet.in>
   Date: Wed, 9 Feb 1994 11:04:10 -0800 (PST)

   I also have some queries on version 5 of Kerberos and its
   implementation in Telnet. Is there some standardization
   on encrypting the Password in the session key? The Telnet
   that I have presently sends the Password in cleartext.
   The only way to encrypt it is to go into the command mode
   and enter the 'enable encrypt DES_CFB64' command. Would
   also like to know how Telnet should operate when either
   authentication or encryption is not supported. Is the
   user informed of this somehow so that he/she can have the
   choice of either logging in or not?

If you are using a telnet and telnetd which support Kerberos
authentication, then you never have to type a password; the Kerberos
authentication system allows you to authenticate to the server without
needing to send your password over the network at all.

There is currently work being done on a combined authentication and
encryption standard (using the Kerberos authentication to supply the
session key to be used for the encryption), but this work is still in
progress.  Note that this wouldn't be used for encrypting the password,
but rather for protecting the data stream after you have logged into the
remote host.

						- Ted
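
Added example, not part of the original message or of any telnet implementation: one way a client could tell, from the option negotiation bytes a server sends, whether the AUTHENTICATION (option 37) and ENCRYPT (option 38) options were offered or refused, so the user can be warned before a password is typed in cleartext. The function names and the sample byte strings are constructed for illustration; "offered" only means the peer agreed to negotiate the option, not that authentication succeeded.

```python
# Telnet command bytes and the two security option codes (37 and 38).
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
OPTIONS = {37: "AUTHENTICATION", 38: "ENCRYPT"}

def parse_negotiation(data: bytes):
    """Yield (verb, option) for each WILL/WONT/DO/DONT found in data."""
    i, n = 0, len(data)
    while i + 1 < n:
        if data[i] != IAC:
            i += 1                      # ordinary data byte
        elif data[i + 1] in (WILL, WONT, DO, DONT):
            if i + 2 >= n:
                break                   # truncated command, wait for more bytes
            yield data[i + 1], data[i + 2]
            i += 3
        elif data[i + 1] == SB:
            i += 2                      # skip the subnegotiation up to IAC SE
            while i + 1 < n and (data[i], data[i + 1]) != (IAC, SE):
                i += 2 if data[i] == IAC else 1
            i += 2
        else:
            i += 2                      # IAC IAC (escaped 0xFF) or another command

def peer_security_status(received: bytes) -> dict:
    """Map each security option to 'offered', 'refused' or 'not offered'."""
    status = {name: "not offered" for name in OPTIONS.values()}
    for verb, opt in parse_negotiation(received):
        if opt not in OPTIONS:
            continue
        if verb in (WONT, DONT):
            status[OPTIONS[opt]] = "refused"    # a refusal is never overridden
        elif status[OPTIONS[opt]] != "refused":
            status[OPTIONS[opt]] = "offered"
    return status

def cleartext_warnings(received: bytes) -> list:
    """Messages a client could show the user before continuing to log in."""
    return [f"{name} {state} by peer: session data may cross the network unprotected"
            for name, state in peer_security_status(received).items()
            if state != "offered"]

# Constructed samples: a server that asks for authentication but refuses
# encryption, and a server that negotiates neither option.
AUTH_NO_ENCRYPT = bytes([IAC, DO, 37, IAC, WONT, 38, IAC, DONT, 38, IAC, WILL, 1]) + b"login: "
LEGACY = bytes([IAC, WILL, 1, IAC, WILL, 3]) + b"login: "

if __name__ == "__main__":
    for sample in (AUTH_NO_ENCRYPT, LEGACY):
        print(peer_security_status(sample), cleartext_warnings(sample))
```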