In article <[EMAIL PROTECTED]>, Julian Williams <[EMAIL PROTECTED]> wrote: : Thanks Dan. The inetd.confs are identical, and I always make sure I : have the credentials. I've tried re-comiling the code etc. I'm : concentrating on getting telnet -x to work. It works withou the -x, ie : no encryption if I have "/krb5/sbin/telnetd -a off" instead of : "telnetd -a valid". But half the point of kerberos is the encryption.
You say that you always have credentials and that authentication works without encryption. Therefore I would check to see which enctypes are being used since the TELNET ENCRYPT option does not work with all of the supported types. If you are truly interested in strong encryption then you should get rid of the MIT Telnet[d] and replace it with the Telnet[d] from the SRP distribution which uses the START_TLS option to negotiation strong encryption with TELNET AUTH KRB5 verification of the TLS session. http://www-cs-students.stanford.edu/~tjw/srp/ You should also look at C-Kermit 8.0 as your Telnet client of choice since it allows strict setting of Telnet policy options and provides for automation, file transfer, Kerberos FTP, ... http://www.columbia.edu/kermit/ckermit.html Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 available now!!! The Kermit Project @ Columbia University includes Telnet, FTP and HTTP http://www.kermit-project.org/ secured with Kerberos, SRP, and [EMAIL PROTECTED] OpenSSL. Interfaces with OpenSSH
