Alexander E. Patrakov wrote: > AFAIK (I have never set up a Kerberos-based installation, but listened > to a friend that demonstrated how to do it) /etc/passwd is still used in > a Kerberos-based setup, and contains something like "*K*" in the > password field. Only /etc/shadow is not used. And, both sftp and ssh > link to libgssapi_krb5.so.2 :)
This is incorrect. In all my Kerberos installations, there is nothing but the system users and root in /etc/passwd. Your friend is wrong. > Kerberos adds a secure single-sign-on authentication mechanism, but not > channel encryption. Again, incorrect. Kerberos can be made (preferred, actually) so that everything across the wire is encrypted (Heimdal for sure, and I will check on MIT). -- Randy -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
