Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kerberos Support In OpenSSH

Posted by Hemos on from the broader-support-a-good-thing dept.

Dan writes "Marshall Vale writes on behalf of the MIT Kerberos team and several other parties interested in the availability of Kerberos authentication for the SSH protocol. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Marshall says that Kerberos support within OpenSSH may be incomplete and needs more work. In particular, implementing draft-ietf-secsh-gsskeyex in addition to any other Kerberos mechanisms will better serve the needs of Kerberos community. Secondly, he says that they would like to reduce user confusion associated with all of the different options for Kerberos and SSH. He suggests adoption of the GSSAPI key exchange mechanism in the IETF draft (which uses Kerberos to authenticate both parties to each other), in order to avoid man-in-the-middle attacks."

7 of 122 comments (clear)

  1. sad. by Anonymous Coward · · Score: 1, Funny

    What's sad is that at first glance I thought draft-ietf-secsh-gsskeyex said goatsecx. It is quite a jumble of acronyms, isn't it though?

  2. Re:Goatse Receiver, ass contortionist, dead at 55 by Anonymous Coward · · Score: 2, Funny

    it would be funny if there was a goatse article on slashdot, and all the goatse trolls were on topic.

  3. Other parties? by Nissyen · · Score: 5, Funny
    ...on behalf of the MIT Kerberos team and several other parties interested in the availability of Kerberos authentication...

    There are other parties interested in Kerberos?

    --
    Idol Star Astronomer
  4. Re:ssh and telnet by sporty · · Score: 2, Funny

    Crackability. Sounds like a word nabisco would use.

    "Ritz.. now with more crackability." /bored

    --

    -
    ping -f 255.255.255.255 # if only

  5. Cussed out in Klingon by sdjunky · · Score: 3, Funny

    "draft-ietf-secsh-gsskeyex"

    Yeah! Well, your mother!

  6. Ahh, yes.. draft-ietf-secsh-gsskeyex.. by RubberChainsaw · · Score: 2, Funny

    ..implementing draft-ietf-secsh-gsskeyex in addition to ..

    Ahh yes. draft-ietf-secsh-gsskeyex.
    Encryption so secure you need a key just to decipher the name!

    :)

    --
    I welcome our new 99% overlords.
  7. Yes SCO now owns Kerberos by Anonymous Coward · · Score: 2, Funny

    Since Kerberos was clearly developed with intent to run on the Unix platform, it is therefore a "derivative work" of Unix, and hence automatically becomes the Intellectual Property of SCO. You can be certain SCO is now *very* interested in the matter.