If Kerberos is used for authentication then no password is sent to the
server. If Kerberos is not used for authentication then the password
is sent to the server over an encrypted connection. BUT the password
is not used to perform Kerberos authentication on the server.
> We have kerberized ssh v1.2.27 running on servers here, and connect to
> them using ssh on some machines that have kerberized ssh clients, others
> that have non-kerberized ssh clients. In all cases kerberos passwords
> are used to authenticate.
>
> I had assumed that if a client accepted a kerberos password to authenticate
> me it meant that whether or not it was a kerberized ssh client it was
> either:
> * using kerberos ticket mechanism to avoid sending passwords on wire
> or more likely:
> * sending encrypted password to kerberized sshd on server, which
> then did kerberos authentication.
> but a user here has questioned this, and contends that a password is
> sent unencrypted from the unkerberized ssh client to the kerberized sshd.
>
> Can someone here clarify for me what goes on between an unkerberized ssh
> client and a kerberized sshd in terms of encrypted/unencrypted communication?
>
> Huge TIA!!
>
> --
> Judith Reed
> [EMAIL PROTECTED]
> (315) 453-2912 x5835
>
>
Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * [EMAIL PROTECTED]