From: Derek Atkins <warlord@MIT.EDU>
To: Jef Poskanzer <jef@ee.lbl.gov>
Message Hash: b8047c23a77caba03d161441b2e68f3491cb19bb094f129657c16222dc66cf60
Message ID: <9403012149.AA00966@toxicwaste.media.mit.edu>
Reply To: <9403012126.AA09307@hot.ee.lbl.gov>
UTC Datetime: 1994-03-01 21:49:25 UTC
Raw Date: Tue, 1 Mar 94 13:49:25 PST
Subject: Re: low-overhead encrypted telnet
> I'll check this out, but if it's based on Kerberos it's probably
> useless for the reasons mentioned above.
Charon does not require any shared Kerberos. All it does require is
that the destination server have an rcmd srvtab, and the user have a
Kerberos principal that can authenticate to that server in some form.

To use your netcom example, if netcom had their own Kerberos realm,
and if they were running the Charon server, then anyone with a Charon
client and a netcom account could securely authenticate to their
netcom account, no matter where they were actually coming from.
-derek