randy at linuxfromscratch.org
Wed Aug 1 09:12:46 PDT 2007
Alexander E. Patrakov wrote:
> AFAIK (I have never set up a Kerberos-based installation, but listened
> to a friend that demonstrated how to do it) /etc/passwd is still used in
> a Kerberos-based setup, and contains something like "*K*" in the
> password field. Only /etc/shadow is not used. And, both sftp and ssh
> link to libgssapi_krb5.so.2 :)
This is incorrect. In all my Kerberos installations, there is
nothing but the system users and root in /etc/passwd. Your friend
> Kerberos adds a secure single-sign-on authentication mechanism, but not
> channel encryption.
Again, incorrect. Kerberos can be made (preferred, actually) so
that everything across the wire is encrypted (Heimdal for sure,
and I will check on MIT).
More information about the blfs-dev