We have kerberized ssh v1.2.27 running on servers here, and connect to
them using ssh on some machines that have kerberized ssh clients, others
that have non-kerberized ssh clients. In all cases Kerberos passwords
are used to authenticate.
I had assumed that if a client accepted a Kerberos password to authenticate
me, it meant that, whether or not it was a kerberized ssh client, it was
either:
* using the Kerberos ticket mechanism to avoid sending passwords on the wire
or more likely:
* sending an encrypted password to the kerberized sshd on the server, which
  then did Kerberos authentication.
but a user here has questioned this, and contends that a password is
sent unencrypted from the unkerberized ssh client to the kerberized sshd.
Can someone here clarify for me what goes on between an unkerberized ssh
client and a kerberized sshd in terms of encrypted/unencrypted communication?
Huge TIA!!
--
Judith Reed
[EMAIL PROTECTED]
(315) 453-2912 x5835