On Wednesday, August 27, 2003, at 03:47 PM, Steve Langasek wrote:
> On Wed, Aug 27, 2003 at 03:37:24PM -0400, Brian Davidson wrote:
>> On Wednesday, August 27, 2003, at 02:16 PM, Matthijs Mohlmann wrote:
>>> Am I right when I say libpam-krb5 sends the password cleartext over the network?
>>
>> In a nutshell, yes. The username & password are still sent across the network to the daemon as if you weren't using libpam-krb5. Instead of checking the passwd file, libpam-krb5 attempts to obtain a TGT from your KDC. Successfully obtaining a TGT means you are authenticated.
>
> libpam-krb5 does *not* send passwords across the network; it is the client
> software that would be sending passwords across the network in the clear
> if being used from a PAMified network server. This is not a function of
> libpam-krb5, but a function of PAM itself. Any communication between
> libpam-krb5 and the KDC is properly secured.

Correct. I should have read the initial question more carefully. When you use libpam-krb5, the password is sent plain text, but it's not libpam-krb5 sending the plaintext... I read it as "does the password get sent in plaintext?"

Brian
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
