sftp/Kerberos

Randy McMurchy randy at linuxfromscratch.org
Wed Aug 1 09:12:46 PDT 2007


Alexander E. Patrakov wrote:

> AFAIK (I have never set up a Kerberos-based installation, but listened
> to a friend who demonstrated how to do it) /etc/passwd is still used in
> a Kerberos-based setup, and contains something like "*K*" in the 
> password field. Only /etc/shadow is not used. And, both sftp and ssh 
> link to libgssapi_krb5.so.2 :)

This is incorrect. In all my Kerberos installations, there is
nothing but the system users and root in /etc/passwd. Your friend
is wrong.


> Kerberos adds a secure single-sign-on authentication mechanism, but not 
> channel encryption.

Again, incorrect. Kerberos can be made (preferred, actually) so
that everything across the wire is encrypted (Heimdal for sure,
and I will check on MIT).

-- 
Randy




More information about the blfs-dev mailing list